PT-2026-37204

Name of the Vulnerable Software and Affected Versions AzuraCast versions prior to 0.23.6 Description An issue exists in the Flow.js media upload endpoint 'POST /api/station/station id/files/upload' where the currentDirectory request parameter is not sanitized for path traversal sequences. When...

EUVD-2026-17431

OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected...

Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use

Summary An improper uploaded media ownership check can result in inadvertent deletion of media when a user is banned with content removal or purged. This can lead to deletion of media that was not uploaded by the banned/purged user. This also applies to purged communities, in which case all media...

Avid NEXIS 安全漏洞

Avid NEXIS is a software-defined storage platform designed for media storage and management from Avid. It is used by media organizations to accelerate production, improve efficiency, and support co-production. A security vulnerability exists in Avid NEXIS versions prior to 2024.6.0 that stems fro...

Secret Chat in Telegram Left Self-Destructing Media Files On Devices

Popular messaging app Telegram fixed a privacy-defeating bug in its macOS app that made it possible to access self-destructing audio and video messages long after they disappeared from secret chats. The vulnerability was discovered by security researcher Dhiraj Mishra in version 7.3 of the app, w...