59 matches found
CVE-2026-56298
Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...
CVE-2026-56298 Capgo - EXIF Metadata Exposure in App Information Image Upload
Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...
EUVD-2026-42256
Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...
CVE-2026-56298
Capgo CVE-2026-56298 affects Capgo prior to 12.128.2, where the app information image upload endpoint does not strip EXIF metadata, exposing geolocation and embedded metadata. Root cause: failure to strip EXIF during upload. Impact: potential leakage of geographic location data. Remediation: upgr...
CVE-2026-56218
Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...
EUVD-2026-38114
Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...
CVE-2026-56218
Capgo prior to 12.128.2 does not strip EXIF metadata (including GPS coordinates) from uploaded images, enabling disclosure of users’ precise location. Attackers can download images and extract coordinates at capture time. Remediation: upgrade Capgo to version 12.128.2 or later.
PT-2026-51146
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The software fails to strip EXIF metadata, which includes GPS geolocation data, from uploaded images. This leads to information disclosure, as attackers can download these images and extract precise...
Biometrics, diagnoses, and bank details exposed in major healthcare breach
NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...
CVE-2026-27892 FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download
FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...
PT-2026-38611
Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2026 Description A sensitive information disclosure issue exists in the Library module of FacturaScripts. The application stores and serves uploaded images byte-for-byte without stripping EXIF, XMP, or IPTC...
Are you paying more than other people? NY cracks down on surveillance pricing
When you search for a product online, you might think you're getting the same price as everyone else. Think again. Your price might be different based on everything from your location to what you've looked at online. Companies often use algorithms to set their prices that rely heavily on customer...
CVE-2025-6026
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...
CVE-2025-6026
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...
📄 Packet Storm EXIF Data Disclosure
A bad code push allowed EXIF data to remain in some photos on Packet Storm. Our analysis shows only 0.004% of uploaded pictures were affected and they have all been stripped to ensure no further exposure. Fortunately, the affected pictures only include items related to an admin of the site and th...
EUVD-2016-2874
Malware in sbrugna...
EUVD-2019-6675
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-10109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Information Exposure issue issue 1 of 2 was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before...
Buy It Now, Track Me Later: Attacking User Privacy Via Wi-Fi AP Online Auctions
Static and hard-coded layer-two network identifiers are well known to present security vulnerabilities and endanger user privacy. In this work, we introduce a new privacy attack against Wi-Fi access points listed on secondhand marketplaces. Specifically, we demonstrate the ability to remotely...
CVE-2024-20431
A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this...