11 matches found
CVE-2022-42707
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions...
ASB-A-327137311
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
EUVD-2022-1990
Malicious code in bioql PyPI...
EUVD-2022-45773
Malicious code in bioql PyPI...
CVE-2025-22416
CVE-2025-22416 affects Android’s ChooserActivity.java onCreate, enabling a confused deputy to view other users’ images and cause local privilege escalation without extra privileges or user interaction. Public references note it as an Elevation of Privilege issue (High) in the Android 2025-04 secu...
CVE-2023-47793
Missing Authorization vulnerability in Acme Themes Acme Fix Images acme-fix-images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Acme Fix Images: from n/a through = 1.0.0...
CVE-2023-40122
In applyCustomDescription of SaveUi.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-27256 · Google · Android
Name of the Vulnerable Software and Affected Versions: MediaDataManager.kt (affected versions not specified). Description: The issue is related to a confused deputy in the loadMediaDataInBgForResumption function of MediaDataManager.kt, allowing potential access to another user's images. This could...
CVE-2023-40135
In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-26121
An exposure of resource to wrong sphere vulnerability CWE-668 in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via...
Apple Face-Time protection bypass
It's possible to access images...