9 matches found
CVE-2026-40096
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...
immich 安全漏洞
Immich is a high-performance, open-source managed solution for photo and video management. Versions of Immich prior to 2.7.3 contained security vulnerabilities. These vulnerabilities stemmed from an open redirection issue in the shared album feature, which could lead to phishing attacks...
EUVD-2026-22816
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...
PT-2026-33001
immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker can create a shared albu...
CVE-2026-25118 immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
CVE-2026-25118 immich-server: Insecure Transmission of Authentication Credentials via Password Parameter in HTTP Request Query String When Accessing Shared Albums
immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album password within t...
CVE-2026-25118
CVE-2026-25118 affects Immich server prior to version 2.6.0, where the authentication process transmits the album password in the URL query string of a GET request to /api/shared-links/me. This causes credential disclosure through browser history, proxy/server logs, and referrer headers, potentia...
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...