Lucene search
+L

39 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.13 views

CVE-2026-57943

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS0.0021EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 5:17 p.m.11 views

EUVD-2026-40161

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS5.9AI score0.0021EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 5:17 p.m.37 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS0.0021EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 5:17 p.m.7 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS5.9AI score0.0021EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 5:17 p.m.15 views

CVE-2026-57943

LibrePhotos (before 1.0.0) contains a broken object-level authorization vulnerability in the SetPhotosShared endpoint. An authenticated user can bypass ownership validation and manipulate shared_to relations to grant themselves access to other users’ private photos, effectively reading arbitrary ...

6CVSS5.9AI score0.0021EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:17 p.m.4 views

CVE-2026-57943 LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint

LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users to grant themselves access to other users' private photos by bypassing ownership validation. Attackers can manipulate sharedto relations without prop...

6CVSS6AI score0.0021EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/29 1:3 p.m.39 views

CVE-2026-46337 WWBN AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

6.9CVSS0.00455EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities allow unauthorized remote attackers to read arbitrary image files on a disk that can be accessed by PHP...

6.9CVSS5.9AI score0.00455EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.17 views

immich 跨站脚本漏洞

immich is a high-performance, open-source, self-hosted solution for managing photos and videos. Versions of immich prior to 2.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a stored-cross-site scripting flaw within the 360-degree panorama viewer, which could...

7.3CVSS5.8AI score0.00225EPSS
Exploits1References1
Malwarebytes
Malwarebytes
added 2025/12/16 11:46 a.m.8 views

Photo booth flaw exposes people&#8217;s private pictures online

Photo booths are great. You press a button and get instant results. The same can’t be said, allegedly, for the security practices of at least one company operating them. A security researcher spent weeks trying to warn a photo booth operator about a vulnerability in its system. The flaw reportedl...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/16 11:46 a.m.7 views

Photo booth flaw exposes people&#8217;s private pictures online

Photo booths are great. You press a button and get instant results. The same can’t be said, allegedly, for the security practices of at least one company operating them. A security researcher spent weeks trying to warn a photo booth operator about a vulnerability in its system. The flaw reportedl...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-4217

Malware in sbrugna...

5CVSS6.4AI score0.01218EPSS
Exploits0References6
Wired Threat Level
Wired Threat Level
added 2022/08/14 11:0 a.m.15 views

How to Create a Secure Folder on Your Phone

Keep private photos, videos, and documents away from prying eyes...

1.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/08/01 7:0 p.m.20 views

When a sextortion victim fights back

When Katie Yates suddenly started receiving nude photos of her friend, Natalie Claus, over on Snapchat, she instantly recognized that Claus had just become a victim of a sextortion attack. She also knew how Claus should respond. This happened in December 2019 when Claus was a sophomore. Both were...

0.1AI score
Exploits0
HackRead
HackRead
added 2021/08/30 6:16 p.m.34 views

iCloud phishing scam – Man stole private photos of 620,000 women

By Waqas LA County resident booked in iCloud phishing scam pretended to be an Apple agent and stole 620,000 photos, 9,000 videos of 306 young women. This is a post from HackRead.com Read the original post: iCloud phishing scam - Man stole private photos of 620,000 women...

1.4AI score
Exploits0
OSV
OSV
added 2021/08/06 1:15 p.m.5 views

CVE-2021-37381

Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private information such as photos through CSRF. For example: any student's photo information can be accessed through /gmis/S1/student/grgl/PotoImageShow/?bh=2. Among them, the code in 1 is a random string generat...

8.8CVSS5.8AI score0.00605EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2020/12/01 9:28 p.m.33 views

Android Messenger App Still Leaking Photos, Videos

The GO SMS Pro Android app has published two new versions on Google Play since a major security weakness was disclosed in November – but neither fixes the original issue, leaving 100 million users at risk for privacy violations, researchers said. Meanwhile, a raft of exploitation tools have been...

0.4AI score
Exploits0References5
HackRead
HackRead
added 2019/08/12 8:0 p.m.68 views

White hat hackers infect Canon DSLR camera with ransomware

By Waqas In a blog post published by Check Point, researchers have demonstrated how malicious hackers can remotely infect Canon DSLR camera with malware and lockout user from accessing their personal data including private photos and video files which can be a highly lucrative target for...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2019/07/01 3:7 p.m.59 views

Dating App Jack'd Fined After Leaking Users' Nude Pics

LGBTQ dating app Jack’d must cough up a $240,000 fine and “make substantial changes to improve security” on the heels of a security faux pas that leaked the private data – including nude photos – of thousands of its users. Jack’d is a popular location-based app that caters to gay and bisexual men...

6.7AI score
Exploits0References8
myhack58
myhack58
added 2019/03/06 12:0 a.m.78 views

Android TV exposed the bug or cause of the user's private photos leaked-vulnerability warning-the black bar safety net

Recently, Twitter users prashanth broke the news, said he found the Android TV's a bug, or lead to users private photos being leaked. When he connected to a Vu Android TV, and select the“switch to another account”, turned out to be able to view all with this TV the name of the person and the...

0.9AI score
Exploits0
Rows per page
Query Builder