MEDIUM
NeoRazorX
CVE published 2026-05-18
CVE-2026-27892
CVE-2026-27892 is an information-disclosure flaw in FacturaScripts’ Library module. Before version 2026, uploaded images were stored and served byte-for-byte, so embedded EXIF/XMP/IPTC metadata was preserved and available to authenticated users who downloaded the file. That metadata could include GPS coordinates, device details, timestamps, comments, thumbnails, and other personally identifiable informati [truncated]