Lucene search
K

59 matches found

NVD
NVD
added yesterday6 views

CVE-2026-56298

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday17 views

CVE-2026-56298 Capgo - EXIF Metadata Exposure in App Information Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-42256

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS5.9AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-56298

Capgo CVE-2026-56298 affects Capgo prior to 12.128.2, where the app information image upload endpoint does not strip EXIF metadata, exposing geolocation and embedded metadata. Root cause: failure to strip EXIF during upload. Impact: potential leakage of geographic location data. Remediation: upgr...

5.3CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/20 4:17 p.m.10 views

CVE-2026-56218

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38114

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...

6.9CVSS5.8AI score0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.22 views

CVE-2026-56218

Capgo prior to 12.128.2 does not strip EXIF metadata (including GPS coordinates) from uploaded images, enabling disclosure of users’ precise location. Attackers can download images and extract coordinates at capture time. Remediation: upgrade Capgo to version 12.128.2 or later.

6.9CVSS5.8AI score0.00205EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.14 views

PT-2026-51146

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The software fails to strip EXIF metadata, which includes GPS geolocation data, from uploaded images. This leads to information disclosure, as attackers can download these images and extract precise...

6.9CVSS5.8AI score0.00205EPSS
Exploits0References8
Malwarebytes
Malwarebytes
added 2026/05/19 3:56 p.m.14 views

Biometrics, diagnoses, and bank details exposed in major healthcare breach

NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...

5.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/18 9:51 p.m.9 views

CVE-2026-27892 FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...

6.5CVSS5.7AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38611

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2026 Description A sensitive information disclosure issue exists in the Library module of FacturaScripts. The application stores and serves uploaded images byte-for-byte without stripping EXIF, XMP, or IPTC...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References7
Malwarebytes
Malwarebytes
added 2025/11/13 12:51 p.m.7 views

Are you paying more than other people? NY cracks down on surveillance pricing

When you search for a product online, you might think you're getting the same price as everyone else. Think again. Your price might be different based on everything from your location to what you've looked at online. Companies often use algorithms to set their prices that rely heavily on customer...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/16 2:52 p.m.5 views

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

3.1CVSS6.7AI score0.00083EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/15 2:25 p.m.10 views

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

3.1CVSS0.00083EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/10/13 12:0 a.m.184 views

📄 Packet Storm EXIF Data Disclosure

A bad code push allowed EXIF data to remain in some photos on Packet Storm. Our analysis shows only 0.004% of uploaded pictures were affected and they have all been stripped to ensure no further exposure. Fortunately, the affected pictures only include items related to an admin of the site and th...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-2874

Malware in sbrugna...

6.5CVSS7.4AI score0.02822EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-6675

Malware in sbrugna...

5.3CVSS5.3AI score0.01608EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-10109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Information Exposure issue issue 1 of 2 was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before...

5.3CVSS6.2AI score0.01961EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.4 views

Buy It Now, Track Me Later: Attacking User Privacy Via Wi-Fi AP Online Auctions

Static and hard-coded layer-two network identifiers are well known to present security vulnerabilities and endanger user privacy. In this work, we introduce a new privacy attack against Wi-Fi access points listed on secondhand marketplaces. Specifically, we demonstrate the ability to remotely...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 6:14 a.m.6 views

CVE-2024-20431

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this...

5.8CVSS5.8AI score0.00385EPSS
Exploits0References1
Rows per page
Query Builder