Lucene search
+L

8 matches found

cve
cve
added 2026/01/28 6:33 a.m.34 views

CVE-2026-1466

CVE-2026-1466 concerns Jirafeau, where the MIME-type based preview guard (image/* except image/svg+xml, plus video/audio) could be bypassed by sending a crafted request with an invalid MIME type (e.g., image). During preview, browsers may sniff the MIME type and detect SVG, potentially executing ...

6.1CVSS5.4AI score0.00287EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2026/01/28 12:0 a.m.11 views

Jirafeau cross-site scripting vulnerability

Jirafeau is a simple method for uploading files developed by Jérôme Jutteau. Jirafeau has a cross-site scripting vulnerability; this vulnerability arises from the ability to bypass preview restrictions by sending HTTP requests with invalid MIME types, potentially leading to cross-site scripting...

6.1CVSS5.6AI score0.00287EPSS
Exploits0References5
nessus
nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2023-32683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist...

5.4CVSS5.8AI score0.00605EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/12/06 12:0 a.m.5 views

Jirafeau 跨站脚本漏洞

Jirafeau is a simple method of uploading files by the individual developer Jérôme Jutteau. Jirafeau suffers from a cross-site scripting vulnerability that stems from case-insensitive MIME type checking of SVG files, which allows bypassing browser preview restrictions by modifying the case of...

6.1CVSS5.9AI score0.00566EPSS
Exploits0References2
susecve
susecve
added 2023/06/07 2:23 a.m.3 views

SUSE CVE-2023-32683

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

3.5CVSS6.7AI score0.00605EPSS
Exploits0References3
pypa
pypa
added 2023/06/06 7:15 p.m.6 views

PYSEC-2023-85

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.4CVSS6.7AI score0.00605EPSS
Exploits0References3Affected Software1
prion
prion
added 2023/06/06 7:15 p.m.14 views

Server side request forgery (ssrf)

Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...

5.5CVSS5.3AI score0.00605EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2023/05/29 10:15 a.m.14 views

CVE-2023-2808

Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link...

5.3CVSS4.8AI score0.00408EPSS
Exploits0References1
Rows per page
Query Builder