CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

60 matches found

ATTACKERKB•added 2026/04/17 7:19 p.m.•0 views

CVE-2026-35061

Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery...

5.3CVSS5.7AI score0.00076EPSS

Exploits0References4

Positive Technologies•added 2026/04/10 12:0 a.m.•1 views

PT-2026-32036

TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2...

3.7CVSS5.8AI score0.00068EPSS

Exploits0References4

CVE•added 2026/02/25 6:46 p.m.•11 views

CVE-2026-25929

OpenEMR prior to 8.0.0 is vulnerable in the document controller’s patient_picture context: an authenticated user with document ACL can supply another patient’s ID to retrieve that patient’s photo without proper authorization. Impact is restricted to disclosure of patient photos (confidentiality),...

6.5CVSS5.5AI score0.00132EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/02/25 6:46 p.m.•2 views

CVE-2026-25929

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller’s patientpicture context serves the patient’s photo by document ID or patient ID without verifying that the current user is authorized to access...

6.5CVSS5.8AI score0.00132EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/02/25 6:46 p.m.•19 views

CVE-2026-25929 OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval

6.5CVSS0.00132EPSS

Exploits1References2

ATTACKERKB•added 2026/02/11 10:58 p.m.•3 views

CVE-2026-20642

An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen...

2.4CVSS5.3AI score0.00026EPSS

Exploits0References2

Vulnrichment•added 2026/02/11 10:58 p.m.•2 views

CVE-2026-20642

An input validation issue was addressed. This issue is fixed in iOS 26.3 and iPadOS 26.3. A person with physical access to an iOS device may be able to access photos from the lock screen...

5.4AI score0.00026EPSS

Exploits0References1

Hacker One•added 2026/01/21 3:7 a.m.•4 views

Nextcloud: IDOR on ██████ via direct photo URL leads to unauthorized access to deleted and other users' photos

Summary: An Insecure Direct Object Reference IDOR vulnerability exists in the application that allows unauthorized access to photos belonging to other users. The application does not properly validate whether the logged-in user is authorized to access a photo when accessing it via direct URL. Thi...

5.9AI score

Exploits0

RedhatCVE•added 2026/01/09 12:29 p.m.•7 views

CVE-2023-40438

An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory...

5.5CVSS5.4AI score0.00061EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:56 a.m.•3 views

CVE-2018-4387

A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management. This issue affected versions prior to iOS 12.1...

2.4CVSS5.3AI score0.00057EPSS

Exploits0References1