44 matches found
EUVD-2025-210008
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-22424
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2025-22424
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
ASB-A-350456241
In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2026-31909 Apache OFBiz: Unauthenticated Shipment Label Image Disclosure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-4503
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...
CVE-2026-4503
The IBM advisories for CVE-2026-4503 describe an unauthenticated IDOR in Langflow’s image download endpoint. Affected: Langflow OSS/Desktop 1.0.0–1.8.4. Vulnerable component: image retrieval endpoint (GET /api/v1/files/images/{flow_id}/{file_name}) that fails to enforce authentication/ownership, ...
CVE-2026-4503
IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key...
PT-2026-36190
Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions 1.0.0 through 1.8.4 Description An unauthenticated user can view images belonging to other users. This is possible due to an indirect object reference through a user-controlled key. Recommendations At the moment,...
Apple macOS Tahoe Insufficient Privilege Restriction Vulnerability
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a permission restriction insufficiency vulnerability that stems from a flaw in the system'...
Mozilla Firefox < 10.0
The version of Firefox installed on the remote Windows host is prior to 10.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2012-06 advisory. - Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for...
Apple macOS Tahoe 安全漏洞
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a permission restriction insufficiency vulnerability that stems from a flaw in the system'...
Google Android 安全漏洞
Google Android is a free and open source mobile operating system based on the Linux kernel developed by Google. Google Android suffers from a logic error vulnerability that stems from a logic error issue in Session.java, which can be exploited by an attacker to view images of other users on the...
EUVD-2019-11120
Malware in sbrugna...
EUVD-2024-41641
Malicious code in bioql PyPI...
EUVD-2023-44744
Malicious code in bioql PyPI...
EUVD-2025-31642
Malicious code in bioql PyPI...
EUVD-2023-44746
Malicious code in bioql PyPI...
Information Exposure
Overview github.com/canonical/lxd is an a modern, secure and powerful system container and virtual machine manager. Affected versions of this package are vulnerable to Information Exposure via differing HTTP status code responses in the images endpoint's AllowUntrusted API. An attacker can...
PT-2025-37788
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7 iPadOS versions prior to 18.7 iOS 26 iPadOS 26 Description: The issue was addressed with improved handling of caches. An attacker with physical access to an unlocked device may be able to view an image in the most...