8 matches found
CVE-2026-35455 immich has Stored XSS via OCR Text in 360° Panorama Viewer
immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...
immich 跨站脚本漏洞
immich is a high-performance, open-source, self-hosted solution for managing photos and videos. Versions of immich prior to 2.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a stored-cross-site scripting flaw within the 360-degree panorama viewer, which could...
CVE-2026-25118
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
EUVD-2026-18756
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
CVE-2026-25118 immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
immich security vulnerability
immich is a high-performance, open-source self-hosted solution for managing photos and videos. Versions of immich prior to 2.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that API keys could elevate their own permissions by calling the update endpoint, allowi...
EUVD-2025-21169
Malicious code in bioql PyPI...
CVE-2025-43856
The CVE-2025-43856 entry concerns immich, a self-hosted photo/video management solution. Affected versions are prior to 1.132.0. The root cause is that the OAuth2 state parameter is not validated, which defeats CSRF protection. When immich uses the /user-settings page as a redirect URI, an attack...