
54 matches found

RedhatCVE
added 2026/06/03 10:1 p.m., 9 views

CVE-2025-22424

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 7.8, AI score 5.9, EPSS 0.00088
Exploits: 0, References: 1

CVE
added 2026/06/01 9:14 p.m., 22 views

CVE-2025-22424

CVE-2025-22424 is described across multiple sources as an Android vulnerability arising from improper input validation that can cause images to be revealed across users, enabling local privilege escalation with no extra execution privileges. The NVD entry assigns a CVSS v3.1 base score of 7.8 (Hi...

CVSS 7.8, AI score 5.9, EPSS 0.00088
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/05/19 9:32 a.m., 6 views

CVE-2026-31909 Apache OFBiz: Unauthenticated Shipment Label Image Disclosure

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

AI score 5.8, EPSS 0.00486
Exploits: 0, References: 1

Cvelist
added 2026/05/08 7:26 p.m., 30 views

CVE-2026-42181 Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...

CVSS 6.5, EPSS 0.00209
Exploits: 0, References: 2

NVD
added 2026/02/11 4:16 p.m., 5 views

CVE-2026-25869

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

CVSS 7.5, EPSS 0.005
Exploits: 0, References: 3

Cvelist
added 2026/02/11 3:40 p.m., 23 views

CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

CVSS 6.9, EPSS 0.005
Exploits: 0, References: 3

Vulnrichment
added 2026/02/11 3:40 p.m., 5 views

CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

CVSS 6.9, AI score 5.6, EPSS 0.005
Exploits: 0, References: 3

Positive Technologies
added 2026/02/11 12:0 a.m., 4 views

PT-2026-7618

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

CVSS 6.9, AI score 5.6, EPSS 0.005
Exploits: 0, References: 4

Rockylinux
added 2026/01/28 9:7 a.m., 4 views

php:8.3 security update

An update is available for module.php-pecl-redis6, module.php, php-pecl-redis6, module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, php, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug3, module.php-pecl-xdebug3. This update affects Rocky Linux 9. A Common Vulnerability...

CVSS 8.2, AI score 6.1, EPSS 0.00573
Exploits: 4

RedhatCVE
added 2026/01/09 12:30 p.m., 4 views

CVE-2023-40136

In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 3.3, AI score 6.2, EPSS 0.00088
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:29 p.m., 5 views

CVE-2023-40092

In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5, AI score 6.2, EPSS 0.00117
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-25445

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.7, EPSS 0.00089
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-25451

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.5, EPSS 0.00109
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-25456

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.5, EPSS 0.00167
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-44743

Malicious code in bioql PyPI...

CVSS 3.3, AI score 4.3, EPSS 0.00088
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 12 views

EUVD-2025-25856

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.4, EPSS 0.00085
Exploits: 0, References: 3

CNNVD
added 2025/09/04 12:0 a.m., 3 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

CVSS 5, AI score 5.8, EPSS 0.00074
Exploits: 0, References: 2

NVD
added 2025/08/26 11:15 p.m., 4 views

CVE-2025-0082

In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 5.5, EPSS 0.00085
Exploits: 0, References: 3

OSV
added 2025/08/26 11:15 p.m., 3 views

CVE-2025-0082

In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 5.5, AI score 6, EPSS 0.00085
Exploits: 0, References: 3

Cvelist
added 2025/08/26 10:48 p.m., 3 views

CVE-2025-0082

In multiple functions of StatusHint.java and TelecomServiceImpl.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

EPSS 0.00085
Exploits: 0, References: 3