22 matches found
CVE-2026-40096
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...
CVE-2026-40096
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...
CVE-2026-40096 immich: Open Redirect via Shared Album name
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...
CVE-2026-40096 immich: Open Redirect via Shared Album name
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...
CVE-2026-40096
Immich (self-hosted photo/video manager) contains an open redirect in rendering via the shared album name in API code (api.service.ts) affecting versions prior to 2.7.3. An attacker can craft a shared album name that injects a URL into a meta refresh, causing a victim opening the shared link to ...
CVE-2026-25118
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
Use of GET Request Method With Sensitive Query Strings
Overview @immich/sdk is an Auto-generated TypeScript SDK for the Immich API Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the transmission of authentication credentials in the password parameter within the HTTP request query string...
CVE-2026-25118
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
CVE-2026-25118
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
EUVD-2026-18756
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
PT-2026-30190
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
immich 安全漏洞
Immich is a high-performance, open-source self-hosted photo and video management solution developed by Immich. Versions of Immich prior to 2.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the transmission of passwords during the shared album authentication process via...
EUVD-2022-45870
Malicious code in bioql PyPI...
CVE-2022-42807
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key...
CVE-2022-42807
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key...
CVE-2022-42807
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key...
CVE-2022-42807
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key...
Code injection
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key...
CVE-2022-42807
CVE-2022-42807 is tied to macOS Ventura 13 where a logic issue in managing Shared Albums could allow a user to accidentally add a participant by pressing Delete. The vulnerability is described across multiple sources (including Apple HT213488 and Red Hat’s RH:CVE entry) as a state-management flaw...
Apple macOS Ventura 安全漏洞
Apple macOS Ventura is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Ventura, which stems from a logic issue that may allow users to accidentally add participants to a shared album by pressing the delete key...