8 matches found
CVE-2026-14636
A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function douploadothersimages of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Image Manager. Executing a...
CVE-2026-6566
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
PT-2026-42112
The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...
CVE-2026-35183
CVE-2026-35183 : Brave CMS (open-source) has an IDOR in the article image deletion feature. The vulnerability is in deleteImage (app/Http/Controllers/Dashboard/ArticleController.php) where the endpoint accepts a filename from the URL without verifying ownership. This allows an authenticated user ...
CVE-2025-32329
In multiple functions of Session.java, there is a possible way to view images belonging to a different user of the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android, which stems from a lack of permission checking in the applyCustomDescription method of the SaveUi.java file, which allows viewing images belonging...
ilbo App vulnerable to authentication bypass
Overview ilbo App provided by EXTRUN Ltd. contains an authentication bypass vulnerability CWE-287. Impact A user who can login to ilbo App may view the images which were recorded by the other user's ilbo device. Solution Update the Application Update to the latest version according to the...