Lucene search
K

47 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-53662

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 5:36 p.m.3 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS5.9AI score0.00235EPSS
Exploits0References4
CVE
CVE
added 2026/06/23 5:36 p.m.22 views

CVE-2026-53662

Immich (self-hosted photo/video management) has a reflected XSS in the /auth/login page observed between commits 4ffa26c9 and 4eb1003. The continue query parameter is read from the URL and passed to SvelteKit redirect() without URL scheme/origin validation, enabling attacker-controlled JavaScript...

9.6CVSS5.8AI score0.00235EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 5:36 p.m.42 views

CVE-2026-53662 immich: One-click account takeover via XSS in login page continue redirect

immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting XSS vulnerability on the /auth/login page allows an attacker to fully compromise any authenticated user's account with a single link click. The contin...

9.6CVSS0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51576

Name of the Vulnerable Software and Affected Versions immich versions 4ffa26c9 through 4eb1003 Description A reflected cross-site scripting XSS issue exists on the '/auth/login' page. The continue query parameter is processed by SvelteKit's redirect function without proper scheme or origin...

9.6CVSS6AI score0.00235EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/15 7:24 p.m.11 views

CVE-2026-40185

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2...

7.1CVSS5.8AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

immich 安全漏洞

Immich is a high-performance, open-source managed solution for photo and video management. Versions of Immich prior to 2.7.3 contained security vulnerabilities. These vulnerabilities stemmed from an open redirection issue in the shared album feature, which could lead to phishing attacks...

5.4CVSS5.8AI score0.00206EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 11:54 p.m.10 views

CVE-2026-40096

immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...

5.1CVSS5.6AI score0.00206EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/14 11:54 p.m.40 views

CVE-2026-40096

Immich (self-hosted photo/video manager) contains an open redirect in rendering via the shared album name in API code (api.service.ts) affecting versions prior to 2.7.3. An attacker can craft a shared album name that injects a URL into a meta refresh, causing a victim opening the shared link to ...

5.4CVSS5.6AI score0.00206EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.16 views

PT-2026-33001

immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...

5.1CVSS5.6AI score0.00206EPSS
Exploits1References3
NVD
NVD
added 2026/04/10 8:16 p.m.17 views

CVE-2026-40185

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2...

7.1CVSS0.00209EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 7:40 p.m.25 views

CVE-2026-40185 Missing Authorization on Immich Trip Photo Routes in TREK

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2...

7.1CVSS0.00209EPSS
Exploits0References3
CVE
CVE
added 2026/04/10 7:40 p.m.24 views

CVE-2026-40185

CVE-2026-40185 concerns TREK, a collaborative travel planner. It identifies missing authorization checks on the Immich trip photo management routes before version 2.7.2, which could allow unauthorized access to trip photos. The issue is addressed in TREK 2.7.2. The CVSS metrics indicate a high-se...

7.1CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/10 7:40 p.m.5 views

CVE-2026-40185

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2...

7.1CVSS5.8AI score0.00209EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/10 7:40 p.m.7 views

EUVD-2026-21587

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2...

7.1CVSS5.8AI score0.00209EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 7:40 p.m.6 views

CVE-2026-40185 Missing Authorization on Immich Trip Photo Routes in TREK

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2...

7.1CVSS5.8AI score0.00209EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.11 views

PT-2026-32037

TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2...

7.1CVSS5.8AI score0.00209EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/08 6:31 p.m.23 views

CVE-2026-35455 immich has Stored XSS via OCR Text in 360° Panorama Viewer

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

7.3CVSS0.00225EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:31 p.m.5 views

CVE-2026-35455 immich has Stored XSS via OCR Text in 360° Panorama Viewer

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

7.3CVSS6.1AI score0.00225EPSS
Exploits1References1
CVE
CVE
added 2026/04/08 6:31 p.m.20 views

CVE-2026-35455

Immich (self-hosted photo/video management) has a Stored XSS in the 360° panorama viewer prior to version 2.7.0. An authenticated user can upload an equirectangular image containing crafted text; OCR extracts it and the panorama viewer renders it via innerHTML without sanitization. This allows ar...

7.3CVSS6.1AI score0.00225EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder