Lucene search
K

9 matches found

NVD
NVD
added 6 days ago12 views

CVE-2026-55417

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...

6.9CVSS0.00249EPSS
Exploits0References2
CVE
CVE
added 6 days ago8 views

CVE-2026-55417

Chevereto (self-hosted media sharing) is affected in versions 3.7.5 up to before 4.5.4. The issue is that when a user enables private profile, the HTML route (/username) correctly returns 404, but the /json AJAX listing endpoint does not apply the same privacy check. An unauthenticated caller who...

6.9CVSS6AI score0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-55417

Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...

6.9CVSS6AI score0.00249EPSS
Exploits0References3Affected Software3
CVE
CVE
added 2026/02/04 9:54 p.m.10 views

CVE-2026-25575

NavigaTUM's propose_edits API had a path traversal flaw before commit 86f34c7, enabling unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn) by sending unsanitized file keys containing traversal sequences (../../) in JSON. This could allow replacin...

8.8CVSS5.5AI score0.00444EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/02/04 9:54 p.m.7 views

EUVD-2026-5325

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...

8.8CVSS5.5AI score0.00444EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:19 a.m.10 views

CVE-2021-22198

An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects...

4.3CVSS6.3AI score0.01077EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2024/01/24 12:0 a.m.11 views

gitea -- Prevent anonymous container access

Problem Description: Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...

7.2AI score
Exploits0References1
CNNVD
CNNVD
added 2022/07/21 12:0 a.m.24 views

Drupal 安全漏洞

Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal versions prior to 7.91, prior to 9.3.19, and prior to 9.4.3, which stems from the image module not properly checking for image files that are not stored in the...

7.5CVSS7.2AI score0.00667EPSS
Exploits0References3
OSV
OSV
added 2018/08/25 12:29 a.m.5 views

UBUNTU-CVE-2018-15869

An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...

5.3CVSS6.4AI score0.01801EPSS
Exploits0References4
Rows per page
Query Builder