3 matches found
CVE-2026-22784 Lychee cross-album password propagation on Album unlocking
Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain possibly unauthorized access to other users' password-protected albums. When a user unlocks a password-protected...
CVE-2025-30428
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication...
CVE-2023-32669
CVE-2023-32669 describes an authorization bypass in BuddyBoss 2.2.9 . An authenticated user can change the album identifier (id) to access and rename other users’ photo albums, constituting a violation of access controls. Documented impact indicates that confidentiality and integrity could be aff...