430 matches found
EUVD-2026-36309
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed...
EUVD-2026-36283
Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...
EUVD-2026-36112
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...
EUVD-2026-36111
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.1, on POSIX, escapeshellarg‘/usr/bin/wkhtmltopdf’ returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included. isexecutable then looks for a file...
Snappy 代码问题漏洞
Snappy is a PHP library developed by KNP Labs’ individual developers. It allows for the generation of thumbnails, snapshots, or PDFs from URLs or HTML pages. Versions of Snappy prior to 1.7.0 contained code vulnerabilities. These vulnerabilities stemmed from the xsl-style-sheet option, which coul...
CVE-2026-33359
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
The Sound of Malware: A Memory Forensics Approach for Android Malware Analysis Via Audio Signals
Android malware analysis is currently facing increasing challenges in achieving robust classification and detecting stealth attacks. Modern threats employ advanced evasion strategies such as code obfuscation, dynamic loading, packing, and even steganographic manipulation of traditional static and...
Missing Authorization
Overview @vitest/ui is an UI for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connecting to an exposed...
Grafana Labs < 11.6.14+security-04 / 12.2.0 < 12.2.8+security-04 / 12.3.0 < 12.3.6+security-04 / 12.4.0 < 12.4.3+security-02 / 13.0.0 < 13.0.1+security-01 Multiple Vulnerabilities
The version of Grafana Labs installed on the remote host is affected by multiple vulnerabilities, including: - A broken access control flaw in the Snapshot API allows any Editor to delete dashboard snapshots, even those they have no read or write access to. CVE-2026-28380 - When using an IPv6...
BIT-GRAFANA-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...
CVE-2026-28380
The CVE-2026-28380 entry describes a broken access control flaw in the Snapshot API that lets Any Editor delete any dashboard snapshot, even without read/write permissions. Affected component is the Snapshot API used for managing dashboard snapshots; the underlying cause is insufficient authoriza...
CVE-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
Any Editor could delete any snapshot, even if they have no access to read or write them...
EUVD-2026-29104
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
CVE-2026-33359
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
CVE-2026-33359
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
CVE-2026-33359 Meari unauthenticated alert image access in cloud object storage
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...
Meari Alibaba OSS 安全漏洞
Meari Alibaba OSS is an IoT cloud data storage solution developed by Meari Company, which integrates object storage services. There is a security vulnerability in Meari Alibaba OSS. This vulnerability arises from the lack of authentication, signed URLs, and expiration controls in Meari IoT Cloud...
PT-2026-39642
In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...