CVE-2026-20223

Cisco Secure Workload is affected by a vulnerability in the access validation of internal REST APIs that could allow an unauthenticated, remote attacker to access site resources with Site Admin privileges. The issue arises from insufficient validation/authentication when accessing REST API endpoi...

CVE-2026-34369 AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

CVE-2026-33314

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

dagu 路径遍历漏洞

Dagu is a workflow engine developed under open source by Dagu Workflow Engine. Versions of Dagu from 2.0.0 to 2.3.1 had a path traversal vulnerability. This vulnerability stemmed from the fact that API endpoints such as GET, DELETE, RENAME, and EXECUTE did not call the ValidateDAGName function. A...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the API endpoints responsible for updating and deleting inventory item attachments. An attacker can access or modify attachments belonging to other users by sending crafted requests as an authenticated user...