CVE-2026-21885
Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...
CVE-2025-62614 BookLore Media API Authentication Bypass
BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thumbnails, and complete PDF/CBX page content...
EUVD-2014-1669
Malware in sbrugna...
EUVD-2020-12731
Malware in sbrugna...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libexif (UTSA-2025-986168)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986168 advisory. In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with ...
Google Android Security Vulnerability
Google Android is a Linux-based operating system from the American company Google. Google Android suffers from an information disclosure vulnerability that stems from a lack of permission checking to access media content belonging to other users, which can be exploited by an attacker to obtain...
ASB-A-227201030
Bulletin has no description...
GHSA-7JR4-HGQX-VWGQ Access bypass in Drupal core
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...
Access bypass in Drupal core
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual...
SUSE CVE-2014-1593
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content...
WPML < 4.5.11 - Subscriber+ Settings Update
The plugin does not have an authorisation check when updating the selected language for legacy widgets and the default behaviour for media content settings, which could allow any authenticated user, such as a subscriber, to update them...
Mozilla Firefox Security Advisory (MFSA2014-88) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
DRUPAL-CONTRIB-2021-041
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. This module has a vulnerability whereby users can select blocks as a menu item they don't have permission to view. The vulnerability is mitigated by the fact that it can on...
DRUPAL-CONTRIB-2021-040
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not use CSRF tokens to protect routes for saving menu configurations. This vulnerability can be exploited by an anonymous user...
The Better Mega Menu - Moderately critical - Cross Site Scripting, Information Disclosure, Multiple vulnerabilities - SA-CONTRIB-2021-038
This module provides an admin interface for creating drop down menus that combine Drupal menu items with rich media content. The module does not sanitize values for CSS properties that are added by admins and rendered on the front-end, allowing attackers to inject malicious code into the front-en...
No audio comes up through MS Edge or Google Chrome as published app
Using MS Edge or Google Chrome as published app, users get no audio through it when playing back audio or video media...
Oracle Linux 7 : libexif (ELSA-2020-4040)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4040 advisory. 0.6.22-1 - Upgrade to 0.6.22 - Resolves: 1841316 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data that has a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below...
Microsoft Windows Media Decompression Remote Code Execution(MS13-011; CVE-2013-0077)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way Windows handles media content. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Sensitive Information Disclosure in extension "Media Content Element" (mediace)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2020-014...