53 matches found
CVE-2026-59995
sftp in OpenSSH before 10.4 does not properly constrain the location of downloaded files when "sftp server:/path ." is used with an attacker-controlled server...
CVE-2026-7879
In Concrete CMS 9.5.0 and below, the submitpassword method in concrete/controllers/singlepage/downloadfile.php allows unauthorized file access since downloading permission-restricted files bypasses the viewfile permission check. Files without passwords can be downloaded and any user who knows a...
CVE-2026-35165 LORIS has incorrect access checks in document_repository
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the documentrepository frontend was restricting file access, the backend endpoint was not...
LORIS Neuroimaging Platform 安全漏洞
LORIS Neuroimaging Platform is a neuroimaging platform open source developed by ACElab. Versions of LORIS Neuroimaging Platform from 21.0.0 to 27.0.3, as well as versions before 28.0.1, have security vulnerabilities. These vulnerabilities stem from the backend endpoints not properly verifying...
PT-2026-4550
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions 4.0.16 and below Description A logged-in user without the necessary permission can download FAQ attachments. This is due to an incorrect permission check in the attachment.php file, where the presence of a permission key is...
WordPress plugin F70 Lead Document Download 安全漏洞
...
CVE-2025-35052
Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...
EUVD-2020-6256
Malware in sbrugna...
EUVD-2018-2935
Malware in sbrugna...
EUVD-2019-8168
Malware in sbrugna...
EUVD-2008-3731
Malware in sbrugna...
EUVD-2024-50423
Malicious code in bioql PyPI...
EUVD-2024-35291
Malicious code in bioql PyPI...
EUVD-2022-43116
Malicious code in bioql PyPI...
CVE-2024-47192
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download...
CVE-2024-47192
An issue was discovered in Mahara 23.04.8 and 24.04.4. The use of a malicious export download URL can allow an attacker to download files that they do not have permission to download...
PT-2025-31712 · Mozilla +1 · Firefox For Ios +9
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 141 Description: Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. Recommendations: Update Firefox for iOS...
CVE-2024-44408
D-Link DIR-823G v1.0.2B0520181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords...
CVE-2022-3762
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.5, Booster Elite for WooCommerce WordPress plugin before 1.1.7 do not validate files to download in some of its modules, which could allow ShopManager and Admin to download arbitrar...
CVE-2020-14097
Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version 1.0.18...