34 matches found
EUVD-2026-23809
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...
CVE-2026-6619
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...
CVE-2026-6619
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...
CVE-2026-6619
The CVE affects langgenius dify up to version 1.13.3, specifically the ImagePreview component’s openInNewTab in web/app/components/base/image-uploader/image-preview.tsx. The vulnerability arises from manipulating the filename argument, enabling cross-site scripting. Impact is described as remote ...
CVE-2026-6619 langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...
PT-2026-33734
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...
CVE-2026-35023
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...
CVE-2026-33474 Vikunja Affected by DoS via Image Preview Generation
Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...
GO-2026-4811 Vikunja Affected by DoS via Image Preview Generation in code.vikunja.io/api
Vikunja Affected by DoS via Image Preview Generation in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the GetPreview and resizeImage functions during image preview generation. An attacker can exhaust CPU and memory resources by uploading highly compressed images with extremely...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the GetPreview and resizeImage functions during image preview generation. An attacker can exhaust CPU and memory resources by uploading highly compressed images with extremely...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. changed: Account Hub is now disabled by default for second email account bmo1992027 changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 bmo1952100 fixed: Users could not read mail...
SUSE-SU-2025:4006-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. changed: Account Hub is now disabled by default for second email account bmo1992027 changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 bmo1952100 fixed: Users could not read mail...
Creating a Linux Application Using VSCodium, Cline, OpenRouter, and Claude
In March I created a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude. This was a program that created square screen captures. The user doesn't need to manually ensure the dimensions are a square. The program makes the window grow and shrink while keeping the length equ...
EUVD-2020-2709
Malware in sbrugna...
CVE-2023-21486
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...
Gleamtech FileVista 9.2.0.0 Missing Authorization Vulnerability
A vulnerability exists in Gleamtech FileVista version 9.2.0.0 that allows unauthorized access to image files, even after the HTTP cookie associated with the session is deleted. The issue arises due to insufficient validation of session or authentication tokens on the server side. Exploit Title:...
CVE-2023-21486
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...
CVE-2022-36048
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...
Nextcloud 安全漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud. An attacker could trigger a denial of service by generating an image preview to overload Nextcloud...