Lucene search
K

12 matches found

NVD
NVD
added 2026/06/10 3:16 p.m.17 views

CVE-2026-53470

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

9.6CVSS0.0028EPSS
Exploits0References3
NVD
NVD
added 2026/04/06 8:16 p.m.7 views

CVE-2026-35183

Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference IDOR vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard/ArticleController.php within the deleteImage method. The endpoint accepts a filename from the URL b...

7.1CVSS0.00201EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.8 views

Wallos 安全漏洞

Wallos is an open-source personal subscription tracker developed by Miguel Ribeiro. Versions of Wallos prior to 4.6.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification at the delete endpoint to ensure that the image being deleted belongs to the curren...

4.3CVSS5.8AI score0.00297EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/12/09 5:27 p.m.5 views

CVE-2025-32329

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS6.8AI score0.00086EPSS
Exploits0References1
CVE
CVE
added 2025/12/08 4:56 p.m.16 views

CVE-2025-32328

CVE-2025-32328 is an Android logic-error vulnerability in multiple Session.java functions that lets an attacker view images from another user, causing local privilege elevation with no extra execution privileges or user interaction required. Affected: Android Framework code path involving Session...

7.8CVSS6.5AI score0.00086EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/12/08 12:0 a.m.4 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android that stems from a logic error issue in Session.java that could lead to viewing images of other users on the device...

7.8CVSS6.3AI score0.00086EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/07 4:33 p.m.10 views

CVE-2025-32320

In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.7AI score0.00073EPSS
Exploits0References1
NVD
NVD
added 2025/09/02 11:15 p.m.6 views

CVE-2025-22416

In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00075EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.5 views

PT-2025-35621

Name of the Vulnerable Software and Affected Versions: ChooserActivity.java affected versions not specified Description: The application contains a confused deputy issue in the onCreate method of the ChooserActivity.java file. This could allow an attacker to view images belonging to other users,...

7.8CVSS6.1AI score0.00075EPSS
Exploits0References5
NVD
NVD
added 2025/08/25 2:15 p.m.5 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

7.5CVSS0.0038EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/25 12:0 a.m.9 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

0.0038EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/25 12:0 a.m.15 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

6.7AI score0.0038EPSS
Exploits0References2
Rows per page
Query Builder