9 matches found
CVE-2026-55417
Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...
CVE-2026-55417
Chevereto (self-hosted media sharing) is affected in versions 3.7.5 up to before 4.5.4. The issue is that when a user enables private profile, the HTML route (/username) correctly returns 404, but the /json AJAX listing endpoint does not apply the same privacy check. An unauthenticated caller who...
CVE-2026-55417
Chevereto is a self-hosted media-sharing platform. Starting in version 3.7.5 and prior to version 4.5.4, when a user enables the private profile option, visiting their profile HTML route /username correctly returns 404. However, the /json AJAX listing endpoint does not apply the same check. An...
CVE-2026-25575
NavigaTUM's propose_edits API had a path traversal flaw before commit 86f34c7, enabling unauthenticated users to overwrite files in directories writable by the application user (e.g., /cdn) by sending unsanitized file keys containing traversal sequences (../../) in JSON. This could allow replacin...
EUVD-2026-5325
NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...
CVE-2021-22198
An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of public projects...
gitea -- Prevent anonymous container access
Problem Description: Even with RequireSignInView enabled, anonymous users can use docker pull to fetch public images...
Drupal 安全漏洞
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal versions prior to 7.91, prior to 9.3.19, and prior to 9.4.3, which stems from the image module not properly checking for image files that are not stored in the...
UBUNTU-CVE-2018-15869
An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image A...