
14 matches found

Vulnrichment
added 2026/06/01 9:14 p.m., 5 views

CVE-2025-22424

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

5.9 AI score, 0.00088 EPSS
Exploits 0, References 1

NVD
added 2025/12/08 5:16 p.m., 6 views

CVE-2025-48628

In validateIconUserBoundary of PrintManagerService.java, there is a possible cross-user image leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 0.00072 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-13421

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.01338 EPSS
Exploits 0, References 2

Cvelist
added 2025/09/05 4:10 p.m., 9 views

CVE-2025-32320

In System UI, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00073 EPSS
Exploits 0, References 1

Cvelist
added 2025/09/04 6:34 p.m., 18 views

CVE-2025-48551

In multiple locations, there is a possible leak of an image across the Android User isolation boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

0.00074 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/23 5:20 a.m., 3 views

CVE-2023-21238

In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS, 5.6 AI score, 0.00164 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/02/06 3:36 a.m., 9 views

CVE-2021-26627

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow remote attackers to send RTSP requests using the ffplay command and lead to leakage of a live image...

7.5 CVSS, 7.1 AI score, 0.01338 EPSS
Exploits 0, References 1

Hacker One
added 2023/08/13 2:16 p.m., 36 views

Basecamp: AWS keys and user cookie leakage via uninitialized memory leak in outdated librsvg version in Basecamp

Sensitive data, including AWS keys and user cookies, could be leaked due to an uninitialized memory leak in an outdated version of librsvg used by Basecamp. This vulnerability allowed an attacker to upload a specially crafted SVG image as an avatar, triggering the memory leak. By extracting...

6.6 AI score
Exploits 0

UbuntuCve
added 2023/02/15 12:0 a.m., 23 views

CVE-2023-25741

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox 110...

6.5 CVSS, 6.8 AI score, 0.00767 EPSS
Exploits 1, References 3

NVD
added 2022/04/19 9:15 p.m., 13 views

CVE-2021-26627

Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow remote attackers to send RTSP requests using the ffplay command and lead to leakage of a live image...

7.5 CVSS, 0.01338 EPSS
Exploits 0, References 1

CVE
added 2022/04/19 8:26 p.m., 85 views

CVE-2021-26627

CVE-2021-26627 describes an insufficient authentication on the activated RTSP port that enables a remote attacker to issue RTSP requests (e.g., via ffplay) and leak live video/images. Reported impact is real-time image information exposure. The available connected documents corroborate the vulner...

7.5 CVSS, 7.7 AI score, 0.01338 EPSS
Exploits 0, References 1, Affected Software 1

RedHat Linux
added 2020/11/30 8:27 p.m., 6 views

Mozilla: Variable time processing of cross-origin images during drawImage calls

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

4.3 CVSS, 7.4 AI score, 0.0247 EPSS
Exploits 1, References 5

Mozilla
added 2018/03/13 12:0 a.m., 539 views

Security vulnerabilities fixed in Firefox 59 — Mozilla

A buffer overflow can occur when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially...

9.8 CVSS, 0.3 AI score, 0.08024 EPSS
Exploits 2, References 19, Affected Software 1

UbuntuCve
added 2016/07/21 12:0 a.m., 19 views

CVE-2016-4583

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image data from an unintended web site via a timing attack involving an SVG document...

3.1 CVSS, 6.7 AI score, 0.01829 EPSS
Exploits 0, References 9