3 matches found
CVE-2026-39957
Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'usergroupid' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...
CVE-2026-23950 node-tar has Race Condition in Path Reservations via Unicode Ligature Collisions on macOS APFS
node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...
PT-2024-38249 · WordPress · Blog2Social
Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to, and including, 7.5.4 Description: The issue is related to Stored Cross-Site Scripting via 3gp2 file uploads due to insufficient input sanitization and output...