31 matches found
PT-2026-29874
Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied to the authenticated /api/uploadChunked endpoint but was not applied to the unauthenticated /api/uploadChunked/public endpoint in the same file app/server/fireshare/api.py. An...
CVE-2026-26227
VLC for Android prior to 3.7.0 contains an authentication bypass in the Remote Access Server due to missing rate limiting on the 4‑digit OTP verification. An attacker reachable on the network can repeatedly attempt OTP checks within the OTP validity window, potentially obtaining a valid user_sess...
CVE-2026-26227 VLC for Android < 3.7.0 Remote Access OTP Authentication Bypass
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password (OTP) verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24)
This week on the Lock and Code podcast … It's often said online that if a product is free, you're the product, but what if that bargain was no longer true? What if, depending on the device you paid hard-earned money for, you still became a product yourself, to be measured, anonymized, collated,...
LinkAce cross-site scripting vulnerability (CNVD-2025-27898)
LinkAce is a self-hosted archive of links to your favorite websites. A cross-site scripting vulnerability exists in LinkAce 2.3.1 and prior versions, which stems from insufficient validation of title field input by the social media sharing feature and can be exploited by an attacker to cause a...
EUVD-2024-52543
Malicious code in bioql PyPI...
CVE-2024-54423
Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing social-media-sharing allows Stored XSS. This issue affects Social Media Sharing: from n/a through <= 1.1...
CVE-2024-54423
CVE-2024-54423: Cross‑Site Request Forgery (CSRF) in the Social Media Sharing plugin for WordPress can lead to Stored XSS. Public details specify the vulnerable component as Social Media Sharing and indicate exploitation via CSRF to stored XSS, affecting versions up to 1.1. The description in the...
CVE-2024-54423 WordPress Social Media Sharing plugin <= 1.1 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing social-media-sharing allows Stored XSS. This issue affects Social Media Sharing: from n/a through <= 1.1...
PT-2024-36312 · Unknown · Jesse Overright Social Media Sharing
Name of the Vulnerable Software and Affected Versions: Jesse Overright Social Media Sharing versions n/a through 1.1. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...
WordPress plugin Social Media Sharing cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Social Media Sharing plugin <= 1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Social Media Sharing versions <= 1.1...
Security Researcher Sued for Disproving Government Statements
This story seems straightforward. A city is the victim of a ransomware attack. They repeatedly lie to the media about the severity of the breach. A security researcher repeatedly proves their statements to be lies. The city gets mad and sues the researcher. Let's hope the judge throws the case out...
WhatsApp Upgrades Proxy Feature Against Internet Shutdowns
Meta's WhatsApp has rolled out updates to its proxy feature, allowing more flexibility in the kind of content that can be shared in conversations. This includes the ability to send and receive images, voice notes, files, stickers and GIFs, WhatsApp told The Hacker News. The new features were firs...
CVE-2022-22643
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so...
Fedora: Security Advisory for rygel (FEDORA-2021-20b9876f11)
The remote host is missing an update for the...
[SECURITY] Fedora 33 Update: rygel-0.40.1-1.fc33
Rygel is a home media solution that allows you to easily share audio, video and pictures, and control of media player on your home network. In technical terms it is both a UPnP AV MediaServer and MediaRenderer implemented through a plug-in mechanism. Interoperability with other devices in the...
WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages
GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of th...
Ubuntu 19.10 : rygel vulnerability (USN-4177-1)
It was discovered that the Rygel package automatically started the daemon by default in user sessions. In certain environments, this resulted in media being shared contrary to expectations. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu...