92 matches found
CVE-2026-52812
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone /// but per-repo authorization lives in the lfsobject table keyed repoid, oid. serveUpload skips re-uploading when the OID file already exists on disk and inserts a new repoid, oid r...
CVE-2026-44692
Sharp is a content management framework built for Laravel as a package. Prior to version 9.22.0, Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage disk and path from request parameters. Because the...
sharp 安全漏洞
Sharp is a personal development tool by Lovell, designed to convert large images in common formats into smaller, web-friendly JPEG, PNG, WebP, GIF, and AVIF images. Versions of Sharp prior to 9.22.0 contained a security vulnerability. This vulnerability stemmed from the general download endpoint...
CVE-2026-9508 Incorrect Permission Assignment for Critical Resource vulnerability in Suprema's BioStar
Incorrect permission settings on a critical resource in Suprema BioStar 2 versions 2.9.3 through 2.9.11 that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly...
CVE-2026-44776 Kavita: IDOR in /api/Download/*
Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can downloa...
PT-2026-42553
Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description The submit password method in 'concrete/controllers/single page/download file.php' allows unauthorized file access because the process for downloading permission-restricted files bypasses the...
CVE-2026-35165
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
CVE-2026-35165 LORIS has incorrect access checks in document_repository
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
PYSEC-2026-80
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...
CVE-2026-25633 Statamic's missing authorization allows access to assets
Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take...
CIPPlanner CIPAce 安全漏洞
CIPPlanner CIPAce is a business process automation and application development platform provided by the American company CIPPlanner. Versions of CIPPlanner CIPAce prior to version 9.17 contained security vulnerabilities. These vulnerabilities were due to access control defects in the File Downloa...
phpMyFAQ Access Control Vulnerability
phpMyFAQ is a multilingual, database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ 4.0.16 and earlier contained an access control vulnerability caused by insufficient permission checks. This vulnerability could allow unauthorized users to download FAQ attachments...
CVE-2026-23878
HotCRP vulnerability CVE-2026-23878: Affects HotCRP conference review software where, from commit aa20ef288828b04550950cf67c831af8a525f508 to before commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a site could use the document API to download any submissio...
CVE-2019-18383
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files remotely from terramasterTNAS-00E43Aconfigbackup.bin without permission...
CVE-2019-20484
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in...
CVE-2025-15066 Arbitrary File Download through Path Traversal in Innorix WP
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed ex: innorix/exam...
TP-Link WA850RE 安全漏洞
TP-Link WA850RE is a wireless signal extender from China P&L TP-Link. A security vulnerability exists in the TP-Link WA850RE V2160527 and prior versions, which stems from improper authentication of the httpd module and could result in the downloading of configuration files...
CVE-2023-53930 ProjectSend r1605 Insecure Direct Object Reference File Download Vulnerability
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.p...
CVE-2016-20023
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided...
CVE-2016-20023
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from the server if the correct path to a file was provided...