18 matches found
EUVD-2026-21258
The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...
OpenClaw 路径遍历漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained a path traversal vulnerability. This vulnerability stemmed from the use of path traversal in sandbox enforcement, allowing the sandbox-ified agent to read any file...
CVE-2026-39369
WWBN AVideo (versions 26.0 and earlier) contains a vulnerability in objects/aVideoEncoderReceiveImage.json.php that allows an authenticated uploader to fetch attacker-controlled same-origin /videos/ URLs and bypass traversal scrubbing. This can expose server-local files (e.g., /etc/passwd or appl...
📄 WhatsApp Android Contact Gating Bypass
WhatsApp Android has a contact gating bypass in groups that leads to interaction-less media download. Background To prevent security issues and spam, WhatsApp for Android requires some form of user interaction to automatically download files from non-contacts: a. After adding someone as a contact...
PT-2025-43409
Name of the Vulnerable Software and Affected Versions BookLore versions 1.8.1 and prior Description BookLore is a self-hosted web app for managing book collections. Versions prior to a recent update have an authentication bypass issue in the BookMediaController. This allows unauthenticated users ...
CVE-2025-61906
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...
CVE-2025-61906
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...
CVE-2025-61906 Opencast's editor accidentally publishes videos/overwrites publications #1626
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...
EUVD-2025-33323
Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, in some situations, Opencast's editor may publish a video without notifying the user. This may lead to users accidentally publishing media not meant for...
GHSA-RH67-4C8J-HJJH Nautobot may allows uploaded media files to be accessible without authentication
Impact Files uploaded by users to Nautobot's MEDIAROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...
Zabbix 安全漏洞
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A security vulnerability exists in Zabbix that stems from returning all user information, including media and other information, that...
CVE-2024-31312
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-23960 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a missing permission check in multiple locations, which could lead to a local information disclosure. This disclosure may expose...
Google Play Diibear 安全漏洞
Google Play Diibear is an application from Google Play. It provides a feature that allows parents to use the application to stay in touch with the kindergarten and get information about their children's learning and play as well as kindergarten newsletters and announcements. A security...
Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online
A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The security misstep made it possible for an attacker to come up with a trivial script to access...
WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages
GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of th...
WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages
GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of th...
A study of car sharing apps
The growing popularity of car sharing services has led some experts to predict an end to private car ownership in big cities. The statistics appear to back up this claim: for example, in 2017 Moscow saw the car sharing fleet, the number of active users and the number of trips they made almost...