CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

EUVD-2021-19562

Malware in sbrugna...

EUVD-2022-38819

Malicious code in bioql PyPI...

EUVD-2022-45074

Malicious code in bioql PyPI...

CVE-2022-36048

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...

SUSE CVE-2021-32802

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud. An attacker could trigger a denial of service by generating an image preview to overload Nextcloud...

openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1253-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1253-1 advisory. - Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud...

Nextcloud Code Execution Vulnerability

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Germany's Nextcloud. Nextcloud is vulnerable to a code execution vulnerability that stems from Nextcloud's support for rendering image previews of file content provided to users, whic...

CVE-2021-32802

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...

Server side request forgery (ssrf)

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...

Nextcloud 安全漏洞

Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Germany's Nextcloud. Nextcloud is vulnerable to a code execution vulnerability that stems from Nextcloud's support for rendering image previews of file content provided to users, whic...

Public-Link Password-Bypass via Image-Previews – ownCloud

------- It was possible to access the preview-image of a password-protected public-link. The severity of the issue is reduced to low because the attacker needs to know the public-link hash and the original filename of the image. Affected ----- - owncloud/core v10.4 Action taken -------- Applied...

Public-Link Password-Bypass via Image-Previews - ownCloud security advisory

Platform: ownCloud Server Versions: 10.3 Date: 2/28/2020 Risk: Low CVSS v3 Base Score: 3.1 CVSS v3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CWE ID: 284 CWE Name: Improper Access Control...

Nextcloud Server Information Disclosure Vulnerability (CNVD-2018-12756)

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A security vulnerability exists in Nextcloud Server versions prior to 12.0.8 and 13.0.3, which stems from the program's...

File access control rules not applied to image previews (NC-SA-2018-002)

A missing check for read permissions allowed users that received an incomming share containing files tagged so they should be denied access to still request a preview for those files...