CVE-2026-39563

Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a through = 2.12...

GO-2026-4411 Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints in github.com/navidrome/navidrome

Navidrome affected by Denial of Service and disk exhaustion via oversized size parameter in /rest/getCoverArt and /share/img/ endpoints in github.com/navidrome/navidrome...

CVE-2026-25579

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...

CVE-2026-25579 Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...

CVE-2026-25579 Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints

Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the...

CVE-2026-25579

Summary: CVE-2026-25579 affects Navidrome prior to 0.60.0. Authenticated users can trigger a Denial of Service and disk exhaustion by sending an oversized size parameter to /rest/getCoverArt or /share/img/, causing extreme memory allocation and cache growth; this can kill the Navidrome process vi...

GHSA-HRR4-3WGR-68X3 Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints

Summary Authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth...

Navidrome affected by Denial of Service and disk exhaustion via oversized `size` parameter in `/rest/getCoverArt` and `/share/img/<token>` endpoints

Summary Authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth...

PT-2026-6437

Summary Authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL /share/img/. When processing such requests, the server attempts to create an extremely large resized image, causing uncontrolled memory growth...

PT-2026-6326

Name of the Vulnerable Software and Affected Versions Navidrome versions prior to 0.60.0 Description Navidrome is a web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can cause a denial of service by providing a large size parameter to the /rest/getCoverA...

WP Social Sharing <= 2.2 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Settings » WP Social Sharing page of the...