5 matches found
CVE-2026-42590
Gotenberg contains a vulnerability (CVE-2026-42590) where ExifTool group-prefix syntax can bypass the dangerous-tag blocklist in metadata handling, allowing arbitrary file rename, move, hardlink, and symlink creation on the server. The issue exists prior to version 8.30.0; the safeKeyPattern and prefix ...
Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist
Summary: The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details: The blocklist in...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...
Primer by Google - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that the application Primer by Google, published on the 'play' market, has multiple vulnerabilities...
Buffalo Linkstation Privilege Escalation / Information Disclosure Vulnerabilities
Buffalo Linkstation suffers from information disclosure and privilege escalation vulnerabilities. Product: Linkstation & Others. Platform: Buffalo Technology. Affected versions: Including Actual Version. Severity Rating: Medium. Impact: Privilege escalation, Information Disclosure. Attack Vector: From...