CVE-2026-54027
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target...
CVE-2026-54027
Vulnerability (CVE-2026-54027): LibreChat prior to 0.8.4-rc1 allows authenticated users to upload files via POST /api/files/images into any agent’s tool_resources (e.g., context, execute_code) without ownership/EDIT checks. A permission check was added to POST /api/files, but the image upload rou...
CVE-2026-56218 Capgo - EXIF Metadata Exposure via Image Upload
Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers can download uploaded images and extract precise latitude and longitude coordinates revealing user physical location at capture time...
CVE-2026-56218
Capgo prior to 12.128.2 does not strip EXIF metadata (including GPS coordinates) from uploaded images, enabling disclosure of users’ precise location. Attackers can download images and extract coordinates at capture time. Remediation: upgrade Capgo to version 12.128.2 or later.
PT-2026-51146
Name of the Vulnerable Software and Affected Versions: Capgo versions prior to 12.128.2. Description: The software fails to strip EXIF metadata, which includes GPS geolocation data, from uploaded images. This leads to information disclosure, as attackers can download these images and extract precise...
CVE-2026-33582
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...
CVE-2026-25860 OpenClinic GA 5.351.19 Reflected XSS via DICOM Image Upload Handler
OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...
EUVD-2026-35369
Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...
Post-Factum BV OpenClinic GA Cross-Site Scripting Vulnerability
Post-Factum BV OpenClinic GA is an open-source hospital information management system developed by the Belgian company Post-Factum BV. This system supports functions such as financial management, clinical management, and laboratory management. Version 5.351.19 of Post-Factum BV OpenClinic GA...
CVE-2026-11569
CVE-2026-11569 affects Quay: the filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG containing JavaScript. The file is stored and served inline via the CDN, enabling stored XSS when a victim visits the ...
CVE-2025-13030
All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file...
CVE-2026-6489
A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The...
CVE-2026-10807
The CVE-2026-10807 entry concerns mjperpinosa stumasy, affecting the unknown function in application/PHP/objects/profiles/change_profile_image.php. The issue allows an attacker to manipulate the pr_profile_image argument to achieve unrestricted upload, with remote exploitation. Public exploit dis...
PT-2026-46874
SVG files are in the allowed extensions whitelist and can be uploaded by any admin user via the media manager. There is zero SVG content sanitization anywhere in the upload pipeline. A malicious SVG with JavaScript onload, , executes in the context of the Shopware domain when accessed. The Proble...
DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
Over the last decade, DICOM parsing has become an active research topic. The reason is simple: DICOM is both critical and complicated. Hospitals rely on DICOM-based PACS systems, and those systems often automatically ingest files received over the network. That means malformed data could directly...
CVE-2026-42879
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-42879
CVE-2026-42879 affects FacturaScripts
EUVD-2026-32626
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-42879 FacturaScripts: Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images
FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality. An attacker with valid credentials can upload a PHP file disguised as a GIF image using...
CVE-2026-9445
A flaw has been found in SourceCodester Simple POS and Inventory System 1.0. Impacted is an unknown function of the file /admin/addproduct.php of the component File Extension Handler. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible...