7 matches found
CVE-2026-49136
Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generateimage function within the AI service backend that allows unauthenticated attackers to read arbitrary image-format files outside the intended uploads directory by exploiting an incomplete...
CVE-2026-49128
Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the downloadimage endpoint. An attacker can access and download image files belonging to any flow by knowing or guessing the flow ID and file name. Remediation: There is no fixed version for langflow-base...
EUVD-2007-4828
Malware in sbrugna...
EUVD-2007-4242
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-25275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative...
PT-2025-15336 · Unknown · Sticker Center
Name of the Vulnerable Software and Affected Versions: Sticker Center versions prior to SMR Apr-2025 Release 1. Description: The issue is related to improper access control in the Sticker Center, allowing local attackers to access image files with system privileges. Recommendations: For versions...