Lucene search
+L

24 matches found

nvd
nvd
added 2026/06/29 6:16 p.m.11 views

CVE-2026-57943

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS0.0021EPSS
Exploits0References5
euvd
euvd
added 2026/06/29 5:17 p.m.10 views

EUVD-2026-40161

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS5.9AI score0.0021EPSS
Exploits0References5
cve
cve
added 2026/06/29 5:17 p.m.13 views

CVE-2026-57943

LibrePhotos (before 1.0.0) contains a broken object-level authorization vulnerability in the SetPhotosShared endpoint. An authenticated user can bypass ownership validation and manipulate shared_to relations to grant themselves access to other users’ private photos, effectively reading arbitrary ...

6CVSS5.9AI score0.0021EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/29 5:17 p.m.7 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS5.9AI score0.0021EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/29 5:17 p.m.36 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS0.0021EPSS
Exploits0References5
osv
osv
added 2026/06/29 5:17 p.m.3 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS6AI score0.0021EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-27005

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00723EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-52011

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00533EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 6:47 a.m.7 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

4.8CVSS6.4AI score0.00533EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 3:16 a.m.3 views

CVE-2023-22903

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

9.8CVSS7AI score0.00723EPSS
Exploits0References1
nvd
nvd
added 2024/12/02 7:15 p.m.27 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

4.8CVSS0.00533EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/12/02 12:0 a.m.4 views

LibrePhotos 安全漏洞

LibrePhotos is a self-hosted open source photo management service open-sourced by LibrePhotos. LibrePhotos suffers from a security vulnerability that stems from susceptibility to a cross-site scripting attack, where an attacker can take over any account by uploading an HTML file on behalf of an...

4.8CVSS6AI score0.00533EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/12/02 12:0 a.m.14 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

5AI score0.00533EPSS
Exploits0References3
cve
cve
added 2024/12/02 12:0 a.m.56 views

CVE-2024-53617

CVE-2024-53617 is a cross-site scripting vulnerability in LibrePhotos prior to commit 32237. An attacker can take over an account by uploading an HTML file on behalf of the admin user, leveraging an IDOR flaw in the file upload mechanism. The public description and related sources consistently ci...

4.8CVSS6.4AI score0.00533EPSS
Exploits0References3
cvelist
cvelist
added 2024/12/02 12:0 a.m.26 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

0.00533EPSS
Exploits0References3
osv
osv
added 2024/12/02 12:0 a.m.8 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

4.8CVSS6.3AI score0.00533EPSS
Exploits0References5
nvd
nvd
added 2023/01/10 6:15 a.m.35 views

CVE-2023-22903

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

9.8CVSS9.5AI score0.00723EPSS
Exploits0References2
prion
prion
added 2023/01/10 6:15 a.m.16 views

Improper access control

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

7.5CVSS9.4AI score0.00723EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/01/10 12:0 a.m.40 views

CVE-2023-22903

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

9.7AI score0.00723EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/01/10 12:0 a.m.5 views

CVE-2023-22903

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

9.5AI score0.00723EPSS
Exploits0References2
Rows per page
Query Builder