14 matches found
Exploit for CVE-2026-1657
CVE-2026-1657 CVE-2026-1657 exp...
CVE-2026-33484
Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the /api/v1/files/images/flowid/filename endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flowid and filename returns...
Unspecified Vulnerability in HCL AION (CNVD-2026-15149)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause the use of an unauthenticated or tampered image, triggering security risks such as integrity breaches or unexpected system behavior...
PT-2026-8398
The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload file media AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, ...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when reading an unauthenticated corrupted ELF image...
EUVD-2025-24466
Malicious code in bioql PyPI...
LXD Security Vulnerability
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5 and 5.21.4, which stems from an unauthenticated image export API that could lead to information disclosure...
CVE-2025-55171
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacaoremover.php, allowing an anonymous attacker without login to delete any image files at endpoin...
CVE-2024-13117 Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal
The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded...
Cisco IOS XR Data Forgery Issue Vulnerability
Cisco IOS XR is an operating system developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XR, which originates from a security hole in the iPXE boot feature that can be exploited by an authenticated attacker to install an unauthenticated software image on an...
PT-2023-9791 · Visteon · Visteon Infotainment
Name of the Vulnerable Software and Affected Versions: Visteon Infotainment (affected versions not specified). Description: This issue allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute...
Emby Server <= 4.7.6.0 Information Disclosure Vulnerability
Emby Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
NVIDIA Shield TV Experience Privilege Permission and Access Control Vulnerability
The NVIDIA SHIELD TV entertainment console is a living room entertainment device released by NVIDIA. The NVIDIA Shield TV Experience suffers from a privilege-granting and access control vulnerability that stems from the program failing to properly authenticate the Trusted OS image. An attacker...
Global Flash Galleries - swfupload.php Unauthenticated Image Upload Weakness
The global-flash-galleries WordPress plugin was affected by a swfupload.php Unauthenticated Image Upload Weakness security vulnerability...