Lucene search
300 matches found

EUVD · added 2025/10/03 8:07 p.m. · 1 view

EUVD-2021-6753

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00201
Exploits 0 · References 1

Tenable Nessus · added 2025/08/30 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-5398

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a...

CVSS 8 · AI score 7.1 · EPSS 0.90184
Exploits 2 · References 2

Tenable Nessus · added 2025/08/18 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-41234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when...

CVSS 6.5 · AI score 7.1 · EPSS 0.00294
Exploits 0 · References 3

Tenable Nessus · added 2025/08/09 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-3168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests th...

CVSS 8.5 · AI score 7 · EPSS 0.00535
Exploits 0 · References 2

Tenable Nessus · added 2025/07/25 12:00 a.m. · 1 view

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Sinatra vulnerabilities (USN-7664-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7664-1 advisory. It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use this issue to...

CVSS 8.8 · AI score 7.4 · EPSS 0.00601
Exploits 1 · References 3

Ubuntu · added 2025/07/22 12:17 p.m. · 3 views

USN-7664-1: Sinatra vulnerabilities

It was discovered that Sinatra incorrectly handled serving static files. An attacker could possibly use this issue to perform local file inclusion, obtaining sensitive information. CVE-2022-29970 It was discovered that Sinatra incorrectly handled special characters in the Content-Disposition HTTP...

CVSS 8.8 · AI score 6.9 · EPSS 0.00601
Exploits 1

IBM Security Bulletins · added 2025/07/09 7:26 a.m. · 4 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application that is vulnerable to a reflected file download (RFD) attack.

Summary: Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses an application that is vulnerable to a reflected file download (RFD) attack. The filename is derived from user-supplied input but sanitized by the application. Vulnerability Details: CVEID: CVE-2025-41234 DESCRIPTION:...

CVSS 6.5 · AI score 6.5 · EPSS 0.00294
Exploits 0 · Affected Software 1

Tenable Nessus · added 2025/06/27 12:00 a.m. · 3 views

Spring Framework 6.0.5 < 6.0.29 / 6.1.x < 6.1.21 / 6.2.x < 6.2.8 Reflected File Download (CVE-2025-41234)

The version of Spring Framework installed on the remote host is 6.0.5 prior to 6.0.29, 6.1.x prior to 6.1.21, or 6.2.x prior to 6.2.8. It is, therefore, affected by a reflected file download vulnerability: - In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application...

CVSS 6.5 · AI score 6.5 · EPSS 0.00294
Exploits 0 · References 2

Tenable Nessus · added 2025/06/16 12:00 a.m. · 3 views

TencentOS Server 4: python-django (TSSA-2024:0715)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0715 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 8.8 · AI score 7.6 · EPSS 0.09673
Exploits 1 · References 5

Tenable Nessus · added 2025/06/16 12:00 a.m. · 2 views

TencentOS Server 3: pcs (TSSA-2023:0189)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0189 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 8.8 · AI score 7.2 · EPSS 0.00356
Exploits 1 · References 2

Github Security Blog · added 2025/06/13 12:33 a.m. · 9 views

Spring Framework vulnerable to a reflected file download (RFD)

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

CVSS 6.5 · AI score 7.3 · EPSS 0.00294
Exploits 0 · References 5 · Affected Software 1

OSV · added 2025/06/13 12:33 a.m. · 0 views

GHSA-6R3C-XF4W-JXJM Spring Framework vulnerable to a reflected file download (RFD)

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

CVSS 6.5 · AI score 5.9 · EPSS 0.00294
Exploits 0 · References 5

OpenVAS · added 2025/06/13 12:00 a.m. · 6 views

VMware Spring Framework 6.0.5 - 6.0.28, 6.1.0 - 6.1.20, 6.2.0 - 6.2.7 RFD Vulnerability - Windows

The VMware Spring Framework is prone to a reflected file download (RFD) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 · AI score 8 · EPSS 0.00294
Exploits 0 · References 2

NVD · added 2025/06/12 10:15 p.m. · 7 views

CVE-2025-41234

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

CVSS 6.5 · EPSS 0.00294
Exploits 0 · References 3

OSV · added 2025/06/12 10:15 p.m. · 0 views

UBUNTU-CVE-2025-41234

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

CVSS 6.5 · AI score 6.8 · EPSS 0.00294
Exploits 0 · References 3

Debian CVE · added 2025/06/12 9:14 p.m. · 3 views

CVE-2025-41234

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

CVSS 6.5 · AI score 7.4 · EPSS 0.00294
Exploits 0

CVE · added 2025/06/12 9:14 p.m. · 214 views

CVE-2025-41234

CVE-2025-41234 : In Spring Framework, versions 6.0.x up to 6.0.28, 6.1.x up to 6.1.20, and 6.2.x up to 6.2.7 are vulnerable to a reflected file download (RFD) attack when a response header uses non-ASCII charset in the filename derived from user input via ContentDisposition.Builder#filename(Strin...

CVSS 6.5 · AI score 6.7 · EPSS 0.00294
Exploits 0 · References 3

Positive Technologies · added 2025/06/12 12:00 a.m. · 1 view

PT-2025-25357 · Unknown · Spring Framework

Name of the Vulnerable Software and Affected Versions: Spring Framework versions 6.0.5 through 6.0.28 Spring Framework versions 6.1.0 through 6.1.20 Spring Framework versions 6.2.0 through 6.2.7 Description: The issue allows remote attackers to launch Reflected File Download RFD attacks via...

CVSS 6.5 · AI score 6.3 · EPSS 0.00294
Exploits 0 · References 16

RedhatCVE · added 2025/05/23 12:27 a.m. · 4 views

CVE-2022-4794

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it Reflected File Download to bypass firewall rules in companies...

CVSS 7.5 · AI score 6.8 · EPSS 0.00536
Exploits 2

RedhatCVE · added 2025/05/22 9:53 p.m. · 5 views

CVE-2022-36359

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download RFD attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input...

CVSS 8.8 · AI score 6.5 · EPSS 0.01374
Exploits 0