8 matches found
CVE-2026-42181
Lemmy prior to 0.19.18 is vulnerable to SSRF through post link metadata: the system validates the top-level URL against internal ranges, but the og:image URL extracted from the page is not subjected to the same restriction. An authenticated low-privileged user can post a page whose og:image point...
CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml
FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...
CVE-2026-33075 FastGPT has Arbitrary Code Execution in GitHub Actions via pull_request_target in fastgpt-preview-image.yml
FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pullrequesttarget which runs with access to repository secrets but checks out cod...
Gleamtech FileVista 9.2.0.0 Missing Authorization
A vulnerability exists in Gleamtech FileVista version 9.2.0.0 that allows unauthorized access to image files, even after the HTTP cookie associated with the session is deleted. The issue arises due to insufficient validation of session or authentication tokens on the server side. Exploit Title:...
SUSE CVE-2009-1720
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to 1 the Imf::PreviewImage::PreviewImage function and...
GHSA-7W95-QWHH-Q9P3 Magento Path Traversal vulnerability via the `theme[preview_image]` parameter
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a Path Traversal vulnerability via the themepreviewimage parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution...
Magento Path Traversal vulnerability via the `theme[preview_image]` parameter
Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by a Path Traversal vulnerability via the themepreviewimage parameter. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution...
DEBIAN-CVE-2009-1720
Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to 1 the Imf::PreviewImage::PreviewImage function and...