Lucene search
K

41 matches found

NVD
NVD
added 5 days ago4 views

CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-54261 Wagtail: Improper permission handling in image preview

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago12 views

CVE-2026-54261

Wagtail (Django-based CMS) has a permission-check flaw in the image preview endpoint. In versions prior to 7.0.8, 7.3.3, and 7.4.2, a user with admin access could preview any image due to a missing permission check; this does not expose the image data itself to ordinary site visitors. The issue h...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago39 views

CVE-2026-54260 Wagtail: Denial of service via unbounded filter specs in the image preview

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...

4.3CVSS0.0022EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-54260

CVE-2026-54260 affects Wagtail (Django-based CMS). In versions prior to 7.0.8, 7.3.3, and 7.4.2, an authenticated admin user can trigger expensive rendition processing via crafted filter specs in the image preview, leading to potential service degradation. This is not exploitable by anonymous vis...

4.3CVSS5.6AI score0.0022EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-6619

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS3.7AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 9:30 a.m.4 views

EUVD-2026-23809

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS3.9AI score0.00206EPSS
Exploits0References5
NVD
NVD
added 2026/04/20 9:16 a.m.8 views

CVE-2026-6619

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 8:0 a.m.5 views

CVE-2026-6619

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS3.9AI score0.00206EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/04/20 8:0 a.m.32 views

CVE-2026-6619 langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS0.00206EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 8:0 a.m.10 views

CVE-2026-6619

The CVE affects langgenius dify up to version 1.13.3, specifically the ImagePreview component’s openInNewTab in web/app/components/base/image-uploader/image-preview.tsx. The vulnerability arises from manipulating the filename argument, enabling cross-site scripting. Impact is described as remote ...

5.1CVSS3.9AI score0.00206EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.13 views

PT-2026-33734

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be...

5.1CVSS3.9AI score0.00206EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:59 p.m.2 views

CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 3:21 p.m.6 views

CVE-2026-33474 Vikunja Affected by DoS via Image Preview Generation

Vikunja is an open-source self-hosted task management platform. Starting in version 1.0.0-rc0 and prior to version 2.2.0, unbounded image decoding and resizing during preview generation lets an attacker exhaust CPU and memory with highly compressed but extremely large-dimension images. Version...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References2
OSV
OSV
added 2026/03/23 6:16 p.m.5 views

GO-2026-4811 Vikunja Affected by DoS via Image Preview Generation in code.vikunja.io/api

Vikunja Affected by DoS via Image Preview Generation in code.vikunja.io/api. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/20 8:43 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the GetPreview and resizeImage functions during image preview generation. An attacker can exhaust CPU and memory resources by uploading highly compressed images with extremely...

7.1CVSS6.4AI score0.00318EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/20 8:43 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the GetPreview and resizeImage functions during image preview generation. An attacker can exhaust CPU and memory resources by uploading highly compressed images with extremely...

7.1CVSS5.9AI score0.00318EPSS
Exploits1References2
SUSE Linux
SUSE Linux
added 2025/11/10 8:0 a.m.6 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. changed: Account Hub is now disabled by default for second email account bmo1992027 changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 bmo1952100 fixed: Users could not read mail...

9.8CVSS8AI score0.00465EPSS
Exploits0References18
OSV
OSV
added 2025/11/10 8:0 a.m.3 views

SUSE-SU-2025:4006-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. changed: Account Hub is now disabled by default for second email account bmo1992027 changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 bmo1952100 fixed: Users could not read mail...

9.8CVSS6.3AI score0.00465EPSS
Exploits0References35
Rows per page
Query Builder