2 matches found
CVE-2026-1466
CVE-2026-1466 concerns Jirafeau, where the MIME-type based preview guard (image/* except image/svg+xml, plus video/audio) could be bypassed by sending a crafted request with an invalid MIME type (e.g., image). During preview, browsers may sniff the MIME type and detect SVG, potentially executing ...
PYSEC-2023-85
Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist setting potentially allowing server side request forgery or bypassing network policies. Impact is limited to IP addresses allowed by the...