7 matches found
EUVD-2026-31885
An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...
CVE-2025-62614 BookLore Media API Authentication Bypass
BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thumbnails, and complete PDF/CBX page content...
PT-2025-33214 · Unknown · Softnwords Smm Api
Name of the Vulnerable Software and Affected Versions: softnwords SMM API versions through 6.0.30 Description: The software contains a missing authorization flaw due to incorrectly configured access control security levels in the SMM API. Recommendations: Update softnwords SMM API to a version...
Unrestricted File Upload
cockpit-hq/cockpit is vulnerable to Unrestricted File Upload. The vulnerability is due to improper file upload checks within the /media/api POST endpoint, which can be exploited to compromise the system's integrity, allowing unauthorized access or data manipulation...
Use After Free
Google Chrome is vulnerable to Use After Free. The vulnerability is due to improper memory management in the media API, which results in heap corruption via a crafted HTML page...
Agentejo Cockpit Directory Traversal Vulnerability
Agentejo Cockpit is a management system for managing structured content on websites. A directory traversal vulnerability exists in Agentejo Cockpit version 0.6.2, which arises from a program that does not properly validate a file before performing operations on it. An attacker can exploit the...
CVE-2018-15540
Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal...