CVE-2026-40925 WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

CVE-2026-40925 WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

EUVD-2026-24485

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...

CVE-2026-40925

WWBN AVideo contains a CSRF vulnerability in objects/configurationUpdate.json.php (also via /updateConfig) that an authenticated admin can be tricked into triggering via cross-origin POST, allowing rewriting of encoder URL, SMTP credentials, site HTML, and more. Affected: WWBN AVideo up through v...

WordPress Email Encoder plugin < 2.3.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Encoder Bundle versions 2.3.4...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011187)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011187 advisory. In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set devicecaps for 417 The videodevice for the MPEG encoder did not set devicecap...

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790. CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. CVE-2026-28494: missing bounds checks in the morphology...

SUSE-SU-2026:1497-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-24484: denial of service via multi-layer nested MVG to SVG conversion bsc1258790. - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds checks in the...

EUVD-2024-55553

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7083

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7083 Email Encoder < 2.3.4 - Admin+ Stored XSS

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7083

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7083

The CVE-2024-7083 issue affects the WordPress Email Encoder (Email Encoder Bundle) plugin, prior to version 2.3.4. Root cause: insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in mul...

CVE-2024-7083 Email Encoder < 2.3.4 - Admin+ Stored XSS

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Email Encoder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

PT-2026-33717

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed for example in multisite setup...

SAIL 安全漏洞

SAIL is an open-source image decoding library developed by SAIL. SAIL has a security vulnerability, which stems from the RLE decoder in the TGA encoder/decoder’s asymmetric boundary checks. This vulnerability may lead to a stack buffer overflow...

SAIL 安全漏洞

SAIL is an open-source image decoding library developed by SAIL. SAIL has a security vulnerability, which stems from inconsistencies in byte-per-pixel calculations and pixel buffer allocations within the PSD encoder. This can lead to heap buffer overflows...

OESA-2026-1916 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

BIT-DOTNET-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...