Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

UBUNTU-CVE-2026-42500

Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image...

Exploit for CVE-2026-27771

CVE-2026-27771 — Gitea Container Registry Auth Bypass CVSS:...

CVE-2026-42181 Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...

CVE-2026-42181

Lemmy prior to 0.19.18 is vulnerable to SSRF through post link metadata: the system validates the top-level URL against internal ranges, but the og:image URL extracted from the page is not subjected to the same restriction. An authenticated low-privileged user can post a page whose og:image point...

EUVD-2026-23275

Silverstripe Assets Module has a DBFile::getURL permission bypass...

PT-2026-33347

Name of the Vulnerable Software and Affected Versions Silverstripe Assets Module versions prior to 2.4.5 Silverstripe Assets Module versions 3.0.0-rc1 through 3.1.2 Description Images rendered in templates or accessed via 'DBFile::getURL' or 'DBFile::getSourceURL' incorrectly add an access grant ...

OpenEMR 安全漏洞

OpenEMR is an open-source medical management system developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

Directory Traversal

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Directory Traversal in the matchPathname method. An attacker can access unauthorized paths in the /image endpoint by crafting a remote URL that includes an...

PYSEC-2026-80

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

CVE-2026-33484

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...

PT-2026-22331

PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when a victim clicks the link associated with the uploaded image. In version 5.9.0-rc7 clicking the link associated with...

LangChain affected by SSRF via image_url token counting in ChatOpenAI.get_num_tokens_from_messages

Server-Side Request Forgery SSRF in ChatOpenAI Image Token Counting Summary The ChatOpenAI.getnumtokensfrommessages method fetches arbitrary imageurl values without validation when computing token counts for vision-enabled models. This allows attackers to trigger Server-Side Request Forgery SSRF...

CVE-2023-31679

Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter...

CVE-2023-40134

In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-40137

In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2019-20580

An issue was discovered on Samsung mobile devices with P9.0 software. The Motion photo player allows attackers to bypass the Secure Folder feature to view images. The Samsung ID is SVE-2019-14653 August 2019...

CVE-2020-10952

GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...

CVE-2025-43470

CVE-2025-43470 is a macOS Tahoe 26.x vulnerability where a standard user could view files from a disk image created by an administrator due to insufficient permission checks. The public descriptions consistently state a permissions issue that was addressed with additional restrictions, and that t...