VYPR
Vendor

Futo

Products: 1
CVEs: 5
Across products: 5
Status: Private


Recent CVEs (5)

  • CVE-2026-23896 (High), Jan 29, 2026
    risk 0.47 cvss 7.2 epss 0.00

    immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version…

  • CVE-2026-25118 (High), Apr 3, 2026
    risk 0.42 cvss 7.5 epss 0.00

    immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a shared album. During the authentication process, the application transmits the album…

  • CVE-2026-35455 (High), Apr 8, 2026
    risk 0.40 cvss 7.3 epss 0.00

    immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, Stored Cross-Site Scripting (XSS) in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious…

  • CVE-2025-43856 (High), Jul 11, 2025
    risk 0.40 cvss epss 0.00

    immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through OAuth2, because the state parameter is not being checked. The OAuth2 state parameter is similar to a CSRF token, so when the user…

  • CVE-2026-40096 (Medium), Apr 15, 2026
    risk 0.28 cvss 5.4 epss 0.00

    immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker…