56872 matches found

NVD
added 2026/05/11 10:22 p.m. | 10 views

CVE-2026-43885

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints (e.g. userslist) without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an...

CVSS 8.7 | EPSS 0.00095
Exploits 0 | References 2

Github Security Blog
added 2026/05/11 9:31 p.m. | 9 views

@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, create the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json...

CVSS 6.9 | AI score 5.8 | EPSS 0.00011
Exploits 0 | References 6 | Affected Software 1

EUVD
added 2026/05/11 9:10 p.m. | 6 views

EUVD-2026-29333

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each, skipping the "share" permission check. A subsequent shares.update authorize...

CVSS 6.5 | AI score 5.9 | EPSS 0.00051
Exploits 0 | References 1

Vulnrichment
added 2026/05/11 9:06 p.m. | 7 views

CVE-2026-43886 Outline: OAuth Scope Validation Logic Error Allows Privilege Escalation to Wildcard API Access

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope uses Array.some to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the...

CVSS 8.2 | AI score 5.8 | EPSS 0.00031
Exploits 0 | References 1

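The scope bug described in the Outline entry above, reduced to its essentials as an added example (this is not Outline's code; the scope names, the "ns.*" matcher and the client registration are constructed for the illustration). Validating a list with Array.prototype.some answers "is at least one scope valid?", so an attacker appends a wildcard behind one legitimate scope; the hardened form requires every requested scope to be individually covered and rejects an empty list, which .every() would otherwise accept vacuously.

```javascript
// Added example, not Outline's code: why validating a scope list with
// Array.prototype.some lets an attacker smuggle extra scopes.

// Scopes the (hypothetical) OAuth client was registered with.
const CLIENT_SCOPES = ['documents.read', 'collections.*'];

// One granted scope covers one requested scope. A trailing ".*" grants the
// whole namespace; a bare "*" is only usable if it was granted explicitly.
function scopeCovers(granted, requested) {
  if (granted === requested) return true;
  if (granted.endsWith('.*')) {
    return requested.startsWith(granted.slice(0, -1)); // keeps the "ns." prefix
  }
  return false;
}

function isValidScope(granted, scope) {
  return granted.some((g) => scopeCovers(g, scope));
}

// Vulnerable shape: "is ANY requested scope valid?" -> the whole array passes.
function validateScopeVulnerable(granted, requested) {
  return requested.some((scope) => isValidScope(granted, scope));
}

// Hardened shape: EVERY requested scope must be valid, and an empty request
// is rejected instead of being vacuously accepted by .every().
function validateScopeFixed(granted, requested) {
  if (!Array.isArray(requested) || requested.length === 0) return false;
  return requested.every((scope) => isValidScope(granted, scope));
}

// Attacker request: one legitimate scope with the wildcard smuggled behind it.
const SMUGGLED = ['documents.read', '*'];

function demo() {
  return {
    vulnerableAccepts: validateScopeVulnerable(CLIENT_SCOPES, SMUGGLED), // true
    fixedAccepts: validateScopeFixed(CLIENT_SCOPES, SMUGGLED), // false
    fixedAcceptsLegit: validateScopeFixed(CLIENT_SCOPES, ['collections.read']), // true
  };
}

console.log(JSON.stringify(demo()));
```

The granted scopes are what the downstream API trusts, so the check must be applied to the exact array that gets persisted on the token; validating and then storing the raw request separately reintroduces the bug.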
Cvelist
added 2026/05/11 8:45 p.m. | 29 views

CVE-2026-43885 WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints (e.g. userslist) without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an...

CVSS 8.7 | EPSS 0.00095
Exploits 0 | References 2

Vulnrichment
added 2026/05/11 8:45 p.m. | 6 views

CVE-2026-43885 WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints (e.g. userslist) without logging in. Commit 1c36f229d0a103528fb9f64d0a1cc0e1e8f5999b contains an...

CVSS 8.7 | AI score 5.7 | EPSS 0.00095
Exploits 0 | References 2

RedhatCVE
added 2026/05/11 8:26 p.m. | 6 views

CVE-2026-42333

Quarkus OpenAPI Generator is a set of Quarkus extensions for generating REST clients and server stubs. Prior to versions 2.11.1-lts, 2.16.0-lts, and 2.17.0, the generated authentication filter matches OpenAPI path templates too broadly when deciding whether to attach credentials. A security...

CVSS 6.3 | AI score 5.7 | EPSS 0.00238
Exploits 0 | References 1

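The Quarkus entry above only says the generated filter matched path templates "too broadly" when deciding whether to attach credentials; the concrete matching defect is not given there. The following added example (not the generator's code) therefore takes an assumed form of the bug class: a template variable compiled into an unanchored, greedy ".*" pattern, which makes /pets/{id} also match /pets/1/owner and /admin/pets/1 and so leaks the credential to paths the security scheme was never declared for. The strict matcher anchors the pattern and confines a variable to one path segment. Templates and paths are constructed for the illustration.

```javascript
// Added example, not Quarkus OpenAPI Generator code. The "broad" matcher is an
// assumed illustration of over-broad template matching, not the real defect.

// Broad (assumed-vulnerable) shape: variables become ".*" and the regex is not
// anchored, so the template matches as a substring of any longer path.
function broadMatcher(template) {
  const re = new RegExp(template.replace(/\{[^}]+\}/g, '.*'));
  return (p) => re.test(p);
}

// Strict shape: escape regex metacharacters in the literal parts, let a
// variable match exactly one segment, and anchor both ends.
function strictMatcher(template) {
  const escaped = template.replace(/[.*+?^$()|[\]\\]/g, '\\$&'); // braces untouched
  const re = new RegExp('^' + escaped.replace(/\{[^}]+\}/g, '[^/]+') + '$');
  return (p) => re.test(p);
}

// Decide whether an outgoing request path is one of the operations the
// OpenAPI document protects with the credential.
function shouldAttachCredentials(protectedTemplates, requestPath, matcherFactory) {
  return protectedTemplates.some((t) => matcherFactory(t)(requestPath));
}

// Constructed OpenAPI paths: only these two operations declare the security scheme.
const PROTECTED = ['/pets/{id}', '/pets'];

function demo() {
  const paths = ['/pets/1', '/pets/1/owner', '/admin/pets/1', '/petsitters'];
  return Object.fromEntries(paths.map((p) => [p, {
    broad: shouldAttachCredentials(PROTECTED, p, broadMatcher),
    strict: shouldAttachCredentials(PROTECTED, p, strictMatcher),
  }]));
}

console.log(JSON.stringify(demo(), null, 2));
```

When auditing a generated client, the check to run is exactly this table: feed the filter a handful of sibling and prefix paths for each protected template and confirm that only the declared operations receive the Authorization header.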
RedhatCVE
added 2026/05/11 8:25 p.m. | 6 views

CVE-2026-42339

New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. In versions 0.11.9-alpha.1 and prior, the SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address 0.0.0.0. A regular...

CVSS 7.1 | AI score 5.8 | EPSS 0.00012
Exploits 1 | References 1

RedhatCVE
added 2026/05/11 8:25 p.m. | 7 views

CVE-2026-42562

Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. The endpoint directly persists the admin attribute from user input, and the escalated accou...

CVSS 8.3 | AI score 5.7 | EPSS 0.00048
Exploits 0 | References 1

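The mass-assignment pattern behind the Plainpad entry above, as an added example (not Plainpad's code, which is PHP; the user records, field names and roles are constructed). The vulnerable handler merges the request body into the stored record, so admin=true is persisted for whoever sends it. The hardened handler copies only an allow-list of self-editable fields, checks that the caller is editing their own record or is an administrator, and accepts a change to the admin flag only from an administrator.

```javascript
// Added example, not Plainpad's code: an update handler that persists
// whatever the client sends, next to one that allow-lists fields and gates
// the privileged attribute on the caller's role.

const MUTABLE_BY_SELF = ['name', 'email', 'theme'];

// Vulnerable shape: the body is merged straight into the stored record.
function updateUserVulnerable(stored, body) {
  return { ...stored, ...body };
}

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hardened shape. `actor` is the authenticated caller; `stored` is the record
// addressed by the {id} in the URL.
function updateUserHardened(stored, body, actor) {
  if (actor.id !== stored.id && !actor.admin) {
    throw new Error('forbidden: cannot edit another user');
  }
  const next = { ...stored };
  for (const key of MUTABLE_BY_SELF) {
    if (has(body, key)) next[key] = body[key];
  }
  if (has(body, 'admin')) {
    if (!actor.admin) {
      throw new Error('forbidden: only administrators may change the admin flag');
    }
    next.admin = body.admin === true; // coerce, never trust the raw value
  }
  return next; // unknown keys such as password_hash are silently dropped
}

// Wrapper that turns the thrown errors into an HTTP-style result.
function handlePut(stored, body, actor) {
  try {
    return { status: 200, user: updateUserHardened(stored, body, actor) };
  } catch (e) {
    return { status: 403, error: e.message };
  }
}

function demo() {
  const alice = { id: 7, name: 'alice', admin: false, password_hash: 'x' };
  const body = { name: 'alice', admin: true, password_hash: 'attacker' };
  return {
    vulnerable: updateUserVulnerable(alice, body),
    hardenedAsSelf: handlePut(alice, body, { id: 7, admin: false }),
    hardenedAsAdmin: handlePut(alice, body, { id: 1, admin: true }),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The allow-list is the point: a deny-list of "dangerous" fields breaks the next time a new privileged column is added to the users table.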
ATTACKERKB
added 2026/05/11 7:52 p.m. | 3 views

CVE-2026-42884

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with...

CVSS 4.3 | AI score 5.8 | EPSS 0.00032
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/05/11 7:39 p.m. | 2 views

GHSA-PW5X-2MF9-3XC8 MantisBT has a Private Bugnote Attachment Content Leak via REST API

A missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER or above) to download attachments on private bugnotes they should not be able to access, via the REST API endpoint GET /api/rest/issues/{id}/files and the SOAP API mc_issue_attachment_get endpoint. Impact -...

CVSS 7.2 | AI score 5.8 | EPSS 0.00046
Exploits 0 | References 8

Snyk
added 2026/05/11 7:39 p.m. | 4 views

Missing Authorization

Overview: mantisbt/mantisbt is the Mantis bug tracker. Affected versions of this package are vulnerable to Missing Authorization in the file visibility process. An attacker can access unauthorized file attachments by sending requests to the REST API or SOAP API endpoints. Remediation: Upgrade...

CVSS 7.6 | AI score 5.8 | EPSS 0.00046
Exploits 0 | References 2

Github Security Blog
added 2026/05/11 7:39 p.m. | 5 views

MantisBT has a Private Bugnote Attachment Content Leak via REST API

A missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER or above) to download attachments on private bugnotes they should not be able to access, via the REST API endpoint GET /api/rest/issues/{id}/files and the SOAP API mc_issue_attachment_get endpoint. Impact -...

CVSS 7.2 | AI score 5.8 | EPSS 0.00046
Exploits 0 | References 8 | Affected Software 1

Github Security Blog
added 2026/05/11 7:39 p.m. | 4 views

MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

The mc_issue_update function in MantisBT allows users with update_bug_threshold access (UPDATER with default settings) to edit, change the view state of, and modify time tracking on bugnotes belonging to other users, bypassing the default DEVELOPER (level 55) threshold required by the dedicated...

CVSS 5.3 | AI score 5.8 | EPSS 0.00043
Exploits 0 | References 6 | Affected Software 1

Github Security Blog
added 2026/05/11 7:33 p.m. | 6 views

MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API

Impact: MantisBT allows an authenticated user to upload attachments to private issues they are not authorized to access. Patches: b262b4d2835b81394d75356dead66e52a6275206. Workarounds: None. Credits: Thanks to Vishal Shukla for discovering and responsibly reporting the issue...

CVSS 4.3 | AI score 5.8 | EPSS 0.00028
Exploits 0 | References 5 | Affected Software 1

OSV
added 2026/05/11 7:33 p.m. | 3 views

GHSA-H4X5-GVX6-3RWC MantisBT has an Authorization Bypass that Allows Uploading Attachments to Private Issues via REST API

Impact: MantisBT allows an authenticated user to upload attachments to private issues they are not authorized to access. Patches: b262b4d2835b81394d75356dead66e52a6275206. Workarounds: None. Credits: Thanks to Vishal Shukla for discovering and responsibly reporting the issue...

CVSS 4.3 | AI score 5.8 | EPSS 0.00028
Exploits 0 | References 5

Snyk
added 2026/05/11 7:15 p.m. | 6 views

Incorrect Permission Assignment for Critical Resource

Overview: @steipete/summarize is a tool that turns a link into clean text and then a summary. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the creation of the daemon.json configuration file with overly permissive filesystem permissions. An attacker can gain...

CVSS 6.9 | AI score 5.8 | EPSS 0.00011
Exploits 0 | References 2

RedHat Linux
added 2026/05/11 6:45 p.m. | 6 views

webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy...

CVSS 5.4 | AI score 6 | EPSS 0.00031
Exploits 2 | References 5

Github Security Blog
added 2026/05/11 6:31 p.m. | 7 views

Duplicate Advisory: OpenClaw vulnerable to arbitrary code execution via attacker-controlled setup-api.js loaded from cwd during env-key resolution

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-r39h-4c2p-3jxp. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver tha...

CVSS 8.4 | AI score 6.4 | EPSS 0.00016
Exploits 0 | References 5 | Affected Software 1

EUVD
added 2026/05/11 6:31 p.m. | 8 views

EUVD-2026-29176

In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose the server API to unauthorised access...

CVSS 8.2 | AI score 5.8 | EPSS 0.00003
Exploits 0 | References 2