
955 matches found

NVD
added 6 days ago, 9 views

CVE-2026-57943

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6 CVSS, 0.0021 EPSS
Exploits: 0, References: 5
CVE
added 6 days ago, 8 views

CVE-2026-57943

LibrePhotos (before 1.0.0) contains a broken object-level authorization vulnerability in the SetPhotosShared endpoint. An authenticated user can bypass ownership validation and manipulate shared_to relations to grant themselves access to other users’ private photos, effectively reading arbitrary ...

6 CVSS, 5.9 AI score, 0.0021 EPSS
Exploits: 0, References: 5
Cvelist
added 6 days ago, 33 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6 CVSS, 0.0021 EPSS
Exploits: 0, References: 5
EUVD
added 6 days ago, 9 views

EUVD-2026-40161

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6 CVSS, 5.9 AI score, 0.0021 EPSS
Exploits: 0, References: 5
Vulnrichment
added 6 days ago, 4 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6 CVSS, 5.9 AI score, 0.0021 EPSS
Exploits: 0, References: 5
EUVD
added 2026/06/16 9:32 p.m., 9 views

EUVD-2026-37192

In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3 CVSS, 5.5 AI score, 0.0006 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/06/16 6:51 p.m., 21 views

CVE-2026-0158

In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.0006 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:29 p.m., 10 views

CVE-2026-46337

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

6.9 CVSS, 5.6 AI score, 0.00455 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2026/06/05 7:28 p.m., 11 views

CVE-2026-4085

The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapperclass' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user...

6.4 CVSS, 5.7 AI score, 0.00288 EPSS
Exploits: 0, References: 1
HackRead
added 2026/06/03 9:27 p.m., 11 views

How to Recover Data from iCloud Backup Without Resetting Your iPhone

Restore data from an iCloud backup without the necessity of resetting your iPhone. Discover proven methods to get back your photos, messages, contacts, and many more things in a very easy way...

5.8 AI score
Exploits: 0
Cvelist
added 2026/05/29 1:3 p.m., 34 views

CVE-2026-46337 WWBN AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

6.9 CVSS, 0.00455 EPSS
Exploits: 1, References: 1
CNNVD
added 2026/05/29 12:0 a.m., 13 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities allow unauthorized remote attackers to read arbitrary image files on a disk that can be accessed by PHP...

6.9 CVSS, 5.9 AI score, 0.00455 EPSS
Exploits: 1, References: 1
Malwarebytes
added 2026/05/14 9:0 a.m., 12 views

Deepfake sextortion forces schools to remove student photos from websites

Schools love a good photo, whether it's from a trip to a castle, a science prize ceremony, or sports day shot from three angles. For two decades, celebratory images like these have gone straight onto school websites, captioned with a name and a grade. But those days are gone, because it's the...

5.8 AI score
Exploits: 0
HackRead
added 2026/04/30 9:24 p.m., 8 views

Private Chats, Photos of Celebs Exposed in Suspected Stalkerware Leak

Private chats and photos of celebrities and influencers were exposed after a suspected stalkerware setup left a database open, revealing sensitive messages and files...

5.3 AI score
Exploits: 0
NVD
added 2026/04/22 9:16 a.m., 7 views

CVE-2026-4085

The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapperclass' shortcode attribute of the 'my-instagram-feed' shortcode in all versions up to, and including, 3.1.2. This is due to insufficient input sanitization and output escaping on user...

6.4 CVSS, 0.00288 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/04/22 12:0 a.m., 10 views

WordPress plugin Easy Social Photos Gallery Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4 CVSS, 5.8 AI score, 0.00288 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/04/22 12:0 a.m., 5 views

PT-2026-34281

Name of the Vulnerable Software and Affected Versions: Easy Social Photos Gallery versions prior to 3.1.3. Description: Stored Cross-Site Scripting is possible due to insufficient input sanitization and output escaping of user-supplied attributes. The plugin uses the sanitize text field function...

6.4 CVSS, 5.9 AI score, 0.00288 EPSS
Exploits: 0, References: 8
OSV
added 2026/04/17 10:53 a.m., 4 views

MAL-2026-2841 Malicious code in lixxyly (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e3c0a4fef6764ec743cc96d88d10dbc9a33197300a3b916746ab5f5391ad6e96 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

6.2 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/04/17 10:53 a.m., 9 views

Malicious code in lixxyly (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e3c0a4fef6764ec743cc96d88d10dbc9a33197300a3b916746ab5f5391ad6e96 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

6.2 AI score
Exploits: 0, References: 1
OSV
added 2026/04/17 10:45 a.m., 6 views

MAL-2026-2839 Malicious code in sher-net (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f87dc8302df47889be1acee83b535b423d7f04e597ed61cca62dc2727f4d5d46 Starting the module activates a hardcoded telegram bot allowing remote code execution, data exfiltration, collecting webcam photos, clipboard data, etc. ---...

6.2 AI score
Exploits: 0, References: 1