CVE-2026-33470

Frigate NVR (version 0.17.0) contains an authorization flaw that lets a low-privileged, authenticated user access snapshots from cameras they are not authorized to view. The chain involves: (1) /api/timeline returning timeline entries for cameras outside the caller’s allowed set, and (2) /api/eve...

Automattic: Timeline API returns private post when target of a push notification

The Timeline API was able to return private posts when the target of a push notification, even though the user did not have access to the post...

SUSE CVE-2017-2998

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution...

LY Corporation: Improper Access Control in LINE Timeline API that returns a list of hidden friends

Due to an insufficient access control check in an API endpoint for LINE Timeline function, it was possible for an attacker to retrieve a hidden list of any LINE users. Users can configure the hidden list not to show someone's post on their Timeline. Using this vulnerability, an attacker can get a...

flash-plugin: multiple code execution issues fixed in APSB17-07

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution...

CVE-2017-2998

Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution...