11 matches found
CVE-2024-53615
A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file...
CVE-2025-20891
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones and tablets, from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Jan-2025 Release 1, which originates from an out-of-bounds read issue contained in the...
GHSA-5WJW-QJHM-V43H files.photo.gallery command injection
A command injection vulnerability in the video thumbnail rendering component of files.photo.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file...
CVE-2024-53615
A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file...
CVE-2024-53615
A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file...
CVE-2024-53615
A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file...
PT-2025-2973 · Unknown · File Gallery
Name of the Vulnerable Software and Affected Versions: files.gallery versions 0.3.0 through 0.11.0
Description: A command injection vulnerability in the video thumbnail rendering component allows remote attackers to execute arbitrary code via a crafted video file.
Recommendations: For versions...
WordPress Embed Video Thumbnail Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software: Embed Video Thumbnail
Type: Plugin
Vulnerable versions: <= 1.3.0
Fixed in: 1.3.1
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-33999
Patch priority: High
CVSS severity: High (7.1)
PSID: 8566e0ea18cd
Credits: Rafie Muhammad Patchstack...
CVE-2022-39907
CVE-2022-39907 affects the Samsung decoding library used in Samsung Mobile devices. The issue is an integer overflow in the library that handles video thumbnails, enabling a local attacker to trigger an out-of-bounds write. Impact is described as high (confidentiality/integrity/availability concerns)....
Chaturbate: CSRF on change video thumbnail at https://chaturbate.com
Hi, I noticed the change video thumbnail option has a workflow with a GET request and there is a lack of a CSRF token on the change video thumbnail option, so if an attacker is somehow able to obtain the thumbnailid of the victim's video, then it can help the attacker induce the victim to change the video thumbnail...