
18 matches found

EUVD
added 2026/04/10 1:24 a.m. · 4 views

EUVD-2026-21258

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for edit_posts capability...

4.3 CVSS · 5.9 AI score · 0.00373 EPSS
Exploits 0 · References 7
CNNVD
added 2026/04/10 12:0 a.m. · 6 views

OpenClaw Path Traversal Vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained a path traversal vulnerability. This vulnerability stemmed from the use of path traversal in sandbox enforcement, allowing the sandboxed agent to read any file...

7.7 CVSS · 5.8 AI score · 0.00382 EPSS
Exploits 1 · References 2
CVE
added 2026/04/07 7:24 p.m. · 12 views

CVE-2026-39369

WWBN AVideo (versions 26.0 and earlier) contains a vulnerability in objects/aVideoEncoderReceiveImage.json.php that allows an authenticated uploader to fetch attacker-controlled same-origin /videos/ URLs and bypass traversal scrubbing. This can expose server-local files (e.g., /etc/passwd or appl...

7.6 CVSS · 5.8 AI score · 0.00412 EPSS
Exploits 0 · References 2 · Affected Software 1
Packet Storm
added 2025/12/02 12:0 a.m. · 241 views

WhatsApp Android Contact Gating Bypass

WhatsApp Android has a contact gating bypass in groups that leads to interaction-less media download. Background: To prevent security issues and spam, WhatsApp for Android requires some form of user interaction to automatically download files from non-contacts: a. After adding someone as a contact...

6.9 AI score
Exploits 0
Positive Technologies
added 2025/10/22 12:0 a.m. · 5 views

PT-2025-43409

Name of the Vulnerable Software and Affected Versions: BookLore versions 1.8.1 and prior. Description: BookLore is a self-hosted web app for managing book collections. Versions prior to a recent update have an authentication bypass issue in the BookMediaController. This allows unauthenticated users ...

8.7 CVSS · 6.6 AI score · 0.00528 EPSS
Exploits 0 · References 9
RedhatCVE
added 2025/10/10 1:32 a.m. · 18 views

CVE-2025-61906

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...

4.3 CVSS · 6.8 AI score · 0.00268 EPSS
Exploits 1 · References 1
NVD
added 2025/10/08 6:15 p.m. · 4 views

CVE-2025-61906

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...

4.3 CVSS · 0.00268 EPSS
Exploits 1 · References 3
Cvelist
added 2025/10/08 6:6 p.m. · 9 views

CVE-2025-61906 Opencast's editor accidentally publishes videos/overwrites publications #1626

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...

2.3 CVSS · 0.00268 EPSS
Exploits 1 · References 3
EUVD
added 2025/10/08 6:6 p.m. · 4 views

EUVD-2025-33323

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...

2.3 CVSS · 6.3 AI score · 0.00268 EPSS
Exploits 1 · References 3
OSV
added 2025/06/10 8:36 p.m. · 1 views

GHSA-RH67-4C8J-HJJH Nautobot may allow uploaded media files to be accessible without authentication

Impact: Files uploaded by users to Nautobot's MEDIA_ROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...

6.3 CVSS · 5.8 AI score · 0.00383 EPSS
Exploits 0 · References 7
CNNVD
added 2025/04/02 12:0 a.m. · 5 views

Zabbix Security Vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in Zabbix that stems from returning all user information, including media and other information, that...

3.5 CVSS · 4.7 AI score · 0.00318 EPSS
Exploits 0 · References 3
OSV
added 2024/07/09 9:15 p.m. · 3 views

CVE-2024-31312

In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5 CVSS · 5.9 AI score · 0.001 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/07/09 12:0 a.m. · 6 views

PT-2024-23960 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a missing permission check in multiple locations, which could lead to a local information disclosure. This disclosure may expose...

5.5 CVSS · 6.3 AI score · 0.001 EPSS
Exploits 0 · References 4
CNNVD
added 2021/03/17 12:0 a.m. · 6 views

Google Play Diibear Security Vulnerability

Google Play Diibear is an application from Google Play. It provides a feature that allows parents to use the application to stay in touch with the kindergarten and get information about their children's learning and play as well as kindergarten newsletters and announcements. A security...

5.5 CVSS · 5.8 AI score · 0.0054 EPSS
Exploits 0 · References 3
The Hacker News
added 2020/12/01 2:13 p.m. · 4 views

Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online

A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The security misstep made it possible for an attacker to come up with a trivial script to access...

5.8 AI score
Exploits 0
The Hacker News
added 2020/11/19 2:1 p.m. · 47 views

WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages

GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of th...

1.3 AI score
Exploits 0
The Hacker News
added 2020/11/19 2:1 p.m. · 4 views

WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages

GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of th...

5.8 AI score
Exploits 0
Securelist
added 2018/07/25 10:0 a.m. · 30 views

A study of car sharing apps

The growing popularity of car sharing services has led some experts to predict an end to private car ownership in big cities. The statistics appear to back up this claim: for example, in 2017 Moscow saw the car sharing fleet, the number of active users and the number of trips they made almost...

Exploits 0