23 matches found
CVE-2026-57943
LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...
CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint
LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...
CVE-2026-57943
LibrePhotos (before 1.0.0) contains a broken object-level authorization vulnerability in the SetPhotosShared endpoint. An authenticated user can bypass ownership validation and manipulate shared_to relations to grant themselves access to other users’ private photos, effectively reading arbitrary ...
EUVD-2026-40161
LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...
CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint
LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...
EUVD-2024-52011
Malicious code in bioql PyPI...
EUVD-2023-27005
Malicious code in bioql PyPI...
CVE-2024-53617
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...
CVE-2023-22903
api/views/user.py in LibrePhotos before e19e539 has incorrect access control...
CVE-2024-53617
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...
CVE-2024-53617
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...
CVE-2024-53617
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...
CVE-2024-53617
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in file upload...
CVE-2024-53617
CVE-2024-53617 is a cross-site scripting vulnerability in LibrePhotos prior to commit 32237. An attacker can take over an account by uploading an HTML file on behalf of the admin user, leveraging an IDOR flaw in the file upload mechanism. The public description and related sources consistently ci...
LibrePhotos Security Vulnerability
LibrePhotos is a self-hosted, open-source photo management service from the LibrePhotos project. LibrePhotos has a security vulnerability that stems from susceptibility to a cross-site scripting attack, where an attacker can take over any account by uploading an HTML file on behalf of an...
CVE-2023-22903
api/views/user.py in LibrePhotos before e19e539 has incorrect access control...
CVE-2023-22903
api/views/user.py in LibrePhotos before e19e539 has incorrect access control...
Improper access control
api/views/user.py in LibrePhotos before e19e539 has incorrect access control...
PT-2023-18766 · Unknown · Librephotos
Name of the Vulnerable Software and Affected Versions: LibrePhotos versions prior to e19e539 Description: The issue is related to incorrect access control in the api/views/user.py file. This could potentially allow unauthorized access to certain features or data. Recommendations: For versions pri...
CVE-2023-22903
api/views/user.py in LibrePhotos before e19e539 has incorrect access control...