CVE-2026-53867
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers c
CVSS
4.3
Medio
EPSS
0.2%
p8
KEV
—
Exploit Today
2
0-100
Publicado: 12 jun 2026 · Última mod.: 14 jul 2026 · CWE-459
0.2%EPSS · 30 días0.2%
2026-06-302026-07-16
Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can access orphaned image files through previously generated URLs, allowing unauthorized retrieval of user-uploaded content.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-33047.5 ALT47.6%
——14Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial of Service (DoS) by sending malformed requests, potentially causing resource exhaustion. Users should upgrade to version 2.1.0 to receive a patch. No known workarounds are available.2dCVE-2025-607307.6 ALT18.1%
——5PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function12dCVE-2026-115767.5 ALT17.8%
——5The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fx_file_close() even when the file was never successfully opened. Multiple error branches jump to the shared cleanup label before any file open operation has occurred, causing fx_file_close() to operate on an uninitialized file handle, leading to undefined behavior, double-close issues, or memory corruption.15dCVE-2026-76397.8 ALT2.4%
——1Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code.
Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete cleanup of an internal driver state, allowing for future unauthorized access to the contents of the physical memory.4d