Lucene search
K

211 matches found

Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-56298 Capgo - EXIF Metadata Exposure in App Information Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS0.00187EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42256

Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information endpoint, exposing sensitive geolocation data. Attackers can upload images containing EXIF metadata to extract geographic location information and other embedded metadata from uploaded files...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

PYSEC-2026-2077 Zope vulnerable to Stored Cross Site Scripting with SVG images

Impact There is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user...

3.7CVSS5.6AI score0.00599EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-55223

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions 0.0.0 through 1.4.2 Drupal Canvas versions 1.5.0 through 1.5.2 Drupal Canvas versions 1.6.0 through 1.6.1 Drupal Canvas versions 1.7.0 through 1.7.1 Description An issue exists where the Canvas module allows Cross-Site...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-55222

Name of the Vulnerable Software and Affected Versions Drupal Canvas versions 0.0.0 through 1.4.2 Drupal Canvas versions 1.5.0 through 1.5.2 Drupal Canvas versions 1.6.0 through 1.6.1 Drupal Canvas versions 1.7.0 through 1.7.1 Description An issue exists in the Canvas AI submodule where image file...

6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50610

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description The JSON:API and REST modules allow image file uploads to image fields. The validation rules verify the file extension but fail to check the file MIME type Multipurpose Internet Mail...

4.8AI score
Exploits0References4
NVD
NVD
added 2026/06/05 8:17 p.m.12 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS0.00548EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.8 views

CVE-2026-7134

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

5.8CVSS5.3AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.13 views

CVE-2026-8134

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...

9.4CVSS6AI score0.00738EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

FacturaScripts 代码问题漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia of Spain. Versions of FacturaScripts prior to 2025.81 contained code vulnerabilities. These vulnerabilities stemmed from the unlimited file upload feature in the product image upload function. Attackers could upload PHP file...

6.3CVSS5.9AI score0.00229EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 4:24 p.m.15 views

RLSA-2025:9844 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/http:...

5.4CVSS6.8AI score0.00778EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 9:51 p.m.12 views

CVE-2026-27892

FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...

6.5CVSS5.7AI score0.00227EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/10 3:31 p.m.23 views

EUVD-2022-55969

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

8.8CVSS6.1AI score0.00347EPSS
Exploits0References4
CVE
CVE
added 2026/05/10 12:12 p.m.11 views

CVE-2022-50944

Aero CMS 0.0.1 is affected by a PHP code injection vulnerability. Authenticated attackers can upload PHP files via the image parameter to the admin posts.php endpoint with source=add_post, leading to server-side code execution. The vulnerability exposes high impact on confidentiality, integrity, ...

8.8CVSS6.1AI score0.00347EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/10 12:12 p.m.34 views

CVE-2022-50944 Aero CMS 0.0.1 PHP Code Injection via posts.php

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

8.8CVSS0.00347EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.19 views

PT-2026-37631

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 7:44 p.m.8 views

GHSA-67WX-R9XR-X75X Incus has Unbounded YAML Metadata Decode via Parsing

Summary User provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when parsed by Incus would lead to a very large YAML document being loaded int...

5.3CVSS5.7AI score0.00269EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.10 views

PT-2026-37138

Name of the Vulnerable Software and Affected Versions Incus versions prior to 7.0.0 Description Incus is a system container and virtual machine manager. An authenticated user can provide a specially crafted image or backup tarball containing a very large YAML document. Because the software unpack...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References16
NVD
NVD
added 2026/04/24 3:16 a.m.8 views

CVE-2026-41309

Open Source Social Network OSSN is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions e.g., $10000 \times 10000$ pixels. While the compressed file size...

8.2CVSS0.00369EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

Open Source Social Network(OSSN) 资源管理错误漏洞

Open Source Social Network OSSN is a social network engine developed by the OSSN team in Switzerland. Prior to version 9.0 of Open Source Social Network OSSN, there was a resource management vulnerability. This vulnerability stemmed from resource exhaustion, which could allow attackers to upload...

8.2CVSS5.8AI score0.00369EPSS
Exploits0References1
Rows per page
Query Builder