23 matches found

NVD
added 4 days ago · 9 views

CVE-2026-57943

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared_to relations without prop...

CVSS 6 · EPSS 0.0021
Exploits 0 · References 5
Vulnrichment
added 4 days ago · 3 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared_to relations without prop...

CVSS 6 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 5
CVE
added 4 days ago · 8 views

CVE-2026-57943

LibrePhotos (before 1.0.0) contains a broken object-level authorization vulnerability in the SetPhotosShared endpoint. An authenticated user can bypass ownership validation and manipulate shared_to relations to grant themselves access to other users’ private photos, effectively reading arbitrary ...

CVSS 6 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 5
EUVD
added 4 days ago · 7 views

EUVD-2026-40161

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared_to relations without prop...

CVSS 6 · AI score 5.9 · EPSS 0.0021
Exploits 0 · References 5
Cvelist
added 4 days ago · 33 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate shared_to relations without prop...

CVSS 6 · EPSS 0.0021
Exploits 0 · References 5
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2024-52011

Malicious code in bioql PyPI...

CVSS 4.8 · AI score 6.6 · EPSS 0.00533
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2023-27005

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.00723
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 6:47 a.m. · 5 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

CVSS 4.8 · AI score 6.4 · EPSS 0.00533
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 3:16 a.m. · 3 views

CVE-2023-22903

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

CVSS 9.8 · AI score 7 · EPSS 0.00723
Exploits 0 · References 1
NVD
added 2024/12/02 7:15 p.m. · 15 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

CVSS 4.8 · EPSS 0.00533
Exploits 0 · References 3
OSV
added 2024/12/02 7:15 p.m. · 6 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

CVSS 4.8 · AI score 6.3 · EPSS 0.00533
Exploits 0 · References 3
Cvelist
added 2024/12/02 12:00 a.m. · 23 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

EPSS 0.00533
Exploits 0 · References 3
Vulnrichment
added 2024/12/02 12:00 a.m. · 13 views

CVE-2024-53617

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...

AI score 5 · EPSS 0.00533
Exploits 0 · References 3
CVE
added 2024/12/02 12:00 a.m. · 53 views

CVE-2024-53617

CVE-2024-53617 is a cross-site scripting vulnerability in LibrePhotos prior to commit 32237. An attacker can take over an account by uploading an HTML file on behalf of the admin user, leveraging an IDOR flaw in the file upload mechanism. The public description and related sources consistently ci...

CVSS 4.8 · AI score 6.4 · EPSS 0.00533
Exploits 0 · References 3
CNNVD
added 2024/12/02 12:00 a.m. · 2 views

LibrePhotos security vulnerability

LibrePhotos is a self-hosted open source photo management service open-sourced by LibrePhotos. LibrePhotos suffers from a security vulnerability that stems from susceptibility to a cross-site scripting attack, where an attacker can take over any account by uploading an HTML file on behalf of an...

CVSS 4.8 · AI score 6 · EPSS 0.00533
Exploits 0 · References 3
NVD
added 2023/01/10 6:15 a.m. · 22 views

CVE-2023-22903

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

CVSS 9.8 · AI score 9.5 · EPSS 0.00723
Exploits 0 · References 2
OSV
added 2023/01/10 6:15 a.m. · 27 views

CVE-2023-22903

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

CVSS 9.8 · AI score 6.9 · EPSS 0.00723
Exploits 0 · References 2
Prion
added 2023/01/10 6:15 a.m. · 16 views

Improper access control

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

CVSS 7.5 · AI score 9.4 · EPSS 0.00723
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2023/01/10 12:00 a.m. · 3 views

PT-2023-18766 · Unknown · Librephotos

Name of the Vulnerable Software and Affected Versions: LibrePhotos versions prior to e19e539
Description: The issue is related to incorrect access control in the api/views/user.py file. This could potentially allow unauthorized access to certain features or data.
Recommendations: For versions pri...

CVSS 9.8 · AI score 6.8 · EPSS 0.00723
Exploits 0 · References 7
Vulnrichment
added 2023/01/10 12:00 a.m. · 5 views

CVE-2023-22903

api/views/user.py in LibrePhotos before e19e539 has incorrect access control...

AI score 9.5 · EPSS 0.00723
Exploits 0 · References 2