CVE-2024-56515

Matrix Media Repo MMR is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in...

Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders

Impact If SVG or JPEGXL thumbnailers are enabled they are disabled by default, a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in ImageMagick. In some ImageMagick installations, this includes the capability to run Ghostscript...

PT-2024-22378 · Unknown · Lakernote Easyadmin

Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin versions up to 20240315 Description: A critical issue was found in the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to...

SUSE CVE-2021-39184

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potential...