
56 matches found

VulnCheck KEV
added 2026/06/12 12:00 a.m. | 13 views

VulnCheck KEV: CVE-2020-6286

The insufficient input path validation of a certain parameter in the web service of SAP NetWeaver AS JAVA LM Configuration Wizard, versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal...

CVSS 5.3 | AI score 6.2 | EPSS 0.28312
In wild | Exploits 3 | References 2
RedhatCVE
added 2026/06/05 7:22 p.m. | 8 views

CVE-2026-34242

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

CVSS 7.7 | AI score 5.3 | EPSS 0.00465
Exploits 0 | References 1
OSV
added 2026/04/16 8:43 p.m. | 5 views

GHSA-HV99-MXM5-Q397 Weblate: Arbitrary File Read via Symlink

Impact: The ZIP download feature didn't verify downloaded files and could follow symlinks outside the repository. Patches: https://github.com/WeblateOrg/weblate/pull/18683 References: Thanks to @DavidCarliez for reporting this vulnerability via GitHub...

CVSS 7.7 | AI score 5.8 | EPSS 0.00465
Exploits 0 | References 4
Github Security Blog
added 2026/04/16 8:43 p.m. | 7 views

Weblate: Arbitrary File Read via Symlink

Impact: The ZIP download feature didn't verify downloaded files and could follow symlinks outside the repository. Patches: https://github.com/WeblateOrg/weblate/pull/18683 References: Thanks to @DavidCarliez for reporting this vulnerability via GitHub...

CVSS 7.7 | AI score 5.8 | EPSS 0.00465
Exploits 0 | References 4 | Affected Software 1
NVD
added 2026/04/15 7:16 p.m. | 6 views

CVE-2026-34242

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

CVSS 7.7 | EPSS 0.00465
Exploits 0 | References 2
Cvelist
added 2026/04/15 6:19 p.m. | 22 views

CVE-2026-34242 Weblate: Arbitrary File Read via Symlink

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

CVSS 7.7 | EPSS 0.00465
Exploits 0 | References 2
Vulnrichment
added 2026/04/15 6:19 p.m. | 3 views

CVE-2026-34242 Weblate: Arbitrary File Read via Symlink

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

CVSS 7.7 | AI score 5.7 | EPSS 0.00465
Exploits 0 | References 2
CVE
added 2026/04/15 6:19 p.m. | 12 views

CVE-2026-34242

CVE-2026-34242 affects Weblate, where the ZIP download feature in versions prior to 5.17 did not verify downloaded files, potentially allowing access to files via symlinks outside the repository. The issue has been fixed in version 5.17.

CVSS 7.7 | AI score 5.7 | EPSS 0.00465
Exploits 0 | References 2 | Affected Software 1
ATTACKERKB
added 2026/04/15 6:19 p.m. | 7 views

CVE-2026-34242

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17...

CVSS 7.7 | AI score 5.7 | EPSS 0.00465
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2026/04/15 12:00 a.m. | 8 views

Weblate security vulnerability

Weblate is an open-source, copyleft, web-based free software system for continuous localization. Versions of Weblate prior to 5.17 contained security vulnerabilities, which stemmed from the ZIP download feature not verifying the files being downloaded; these vulnerabilities could exploit symbolic...

CVSS 7.7 | AI score 5.8 | EPSS 0.00465
Exploits 0 | References 1
The Hacker News
added 2026/03/13 1:28 p.m. | 9 views

Investigating a New Click-Fix Variant

Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content...

AI score 6.3
Exploits 0
OSV
added 2025/12/29 3:24 p.m. | 4 views

CVE-2025-69200 phpMyFAQ has unauthenticated config backup download via /api/setup/backup

phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via POST /api/setup/backup and then download the generated ZIP from a web-accessible location. The ZIP contains sensitive...

CVSS 7.5 | AI score 6.3 | EPSS 0.02005
Exploits 1 | References 4
RedhatCVE
added 2025/12/18 7:36 a.m. | 6 views

CVE-2025-14399

The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the downloadpluginbulk and downloadthemebulk functions. This makes it possibl...

CVSS 4.3 | AI score 5.3 | EPSS 0.00104
Exploits 0 | References 1
RedhatCVE
added 2025/11/28 8:08 p.m. | 12 views

CVE-2025-65963

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has bee...

CVSS 5.4 | AI score 6.7 | EPSS 0.00157
Exploits 0 | References 1
NVD
added 2025/11/26 12:15 a.m. | 9 views

CVE-2025-65963

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has bee...

CVSS 5.4 | EPSS 0.00157
Exploits 0 | References 2
CVE
added 2025/11/25 11:38 p.m. | 9 views

CVE-2025-65963

CVE-2025-65963 affects the Files module used to manage files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users in public spaces to create folders and to upload or download files as a ZIP archive; private spaces are not ...

CVSS 5.4 | AI score 6.4 | EPSS 0.00157
Exploits 0 | References 2
OSV
added 2025/11/25 11:38 p.m. | 4 views

CVE-2025-65963 CFiles Unauthorized Folder/ZIP Access in Public Spaces

Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has bee...

CVSS 5.4 | AI score 6.6 | EPSS 0.00157
Exploits 0 | References 4
CVE
added 2025/11/11 3:30 a.m. | 26 views

CVE-2025-11521

CVE-2025-11521: Astra Security Suite – Firewall & Malware Scan WordPress plugin (versions up to 0.2) is vulnerable to unauthenticated arbitrary file upload due to insufficient validation of remote URLs for zip downloads and an easily guessable key. The vulnerability can allow uploading arbitrary ...

CVSS 8.1 | AI score 7.2 | EPSS 0.00431
Exploits 0 | References 2
OSV
added 2025/10/23 11:15 a.m. | 3 views

CVE-2025-41073

Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories e.g., ......, by exploiting the “direstudio” parameter in...

CVSS 6.5 | AI score 5.8 | EPSS 0.00343
Exploits 0 | References 1
NVD
added 2025/10/23 11:15 a.m. | 5 views

CVE-2025-41073

Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories e.g., ......, by exploiting the “direstudio” parameter in...

CVSS 7.1 | EPSS 0.00343
Exploits 0 | References 1