Lucene search
+L

8 matches found

nvd
nvd
added 2026/07/04 5:16 p.m.8 views

CVE-2026-14636

A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function douploadothersimages of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Image Manager. Executing a...

5.5CVSS0.00323EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6566

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS5.4AI score0.00264EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/20 5:31 a.m.13 views

CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS5.7AI score0.00264EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.12 views

PT-2026-42112

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS5.7AI score0.00264EPSS
Exploits0References3
cve
cve
added 2026/04/06 7:11 p.m.12 views

CVE-2026-35183

CVE-2026-35183 : Brave CMS (open-source) has an IDOR in the article image deletion feature. The vulnerability is in deleteImage (app/Http/Controllers/Dashboard/ArticleController.php) where the endpoint accepts a filename from the URL without verifying ownership. This allows an authenticated user ...

7.1CVSS5.9AI score0.00201EPSS
Exploits1References1Affected Software1
osv
osv
added 2025/12/08 5:16 p.m.4 views

CVE-2025-32329

In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS5.9AI score0.00086EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/02/16 12:0 a.m.6 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android, which stems from a lack of permission checking in the applyCustomDescription method of the SaveUi.java file, which allows viewing images belonging...

3.3CVSS6.6AI score0.00115EPSS
Exploits0References4
jvn
jvn
added 2020/02/14 4:43 a.m.1 views

ilbo App vulnerable to authentication bypass

Overview ilbo App provided by EXTRUN Ltd. contains an authentication bypass vulnerability CWE-287. Impact A user who can login to ilbo App may view the images which were recorded by the other user's ilbo device. Solution Update the Application Update to the latest version according to the...

4.3CVSS6.8AI score0.00922EPSS
Exploits0References6
Rows per page
Query Builder