Lucene search
K

53 matches found

Debian CVE
Debian CVE
added 2 days ago3 views

CVE-2026-59995

sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...

5.4CVSS6AI score0.00202EPSS
Exploits0
NVD
NVD
added 2026/05/21 10:16 p.m.18 views

CVE-2026-7879

In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...

6.3CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 6:23 p.m.24 views

CVE-2026-35165 LORIS has incorrect access checks in document_repository

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...

6.3CVSS0.00165EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

LORIS Neuroimaging Platform 安全漏洞

LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions of LORIS Neuroimaging Platform from 21.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from the backend endpoints not properly verifying...

6.5CVSS5.8AI score0.00165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.6 views

PT-2026-4550

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions 4.0.16 and below Description A logged-in user without the necessary permission can download FAQ attachments. This is due to an incorrect permission check in the attachment.php file, where the presence of a permission key is...

6.5CVSS5.3AI score0.0042EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/12/20 12:0 a.m.5 views

WordPress plugin F70 Lead Document Download 安全漏洞

...

5.3CVSS5.8AI score0.00236EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/10 8:22 p.m.4 views

CVE-2025-35052

Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...

6.3CVSS7AI score0.00347EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6256

Malware in sbrugna...

7.5CVSS7.5AI score0.00861EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-2935

Malware in sbrugna...

7.5CVSS7.7AI score0.02768EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-8168

Malware in sbrugna...

7.5CVSS7.5AI score0.01604EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2008-3731

Malware in sbrugna...

5.5CVSS6.1AI score0.01395EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-50423

Malicious code in bioql PyPI...

9.4CVSS9.3AI score0.00504EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-35291

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00475EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-43116

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00914EPSS
Exploits2References1
NVD
NVD
added 2025/08/26 9:15 p.m.4 views

CVE-2024-47192

An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download...

5.3CVSS0.0015EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/26 12:0 a.m.2 views

CVE-2024-47192

An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download...

7AI score0.0015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/23 12:0 a.m.6 views

PT-2025-31712 · Mozilla +1 · Firefox For Ios +9

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 141 Description: Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. Recommendations: Update Firefox for iOS...

9.8CVSS6.2AI score0.00449EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/23 7:20 a.m.8 views

CVE-2024-44408

D-Link DIR-823G v1.0.2B0520181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords...

7.5CVSS6.8AI score0.00628EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 p.m.10 views

CVE-2022-3762

The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrar...

6.5CVSS6.8AI score0.00914EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:10 p.m.10 views

CVE-2020-14097

Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version 1.0.18...

7.5CVSS6.8AI score0.00861EPSS
Exploits0
Rows per page
Query Builder