3 matches found
CVE-2026-33037
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...
CVE-2026-33041
CVE-2026-33041 affects WWBN AVideo. In versions 25.0 and earlier, the endpoint /objects/encryptPass.json.php exposes the site’s password hashing algorithm to unauthenticated users, allowing submission of a password to receive its hash and enabling offline cracking against leaked database hashes. ...
WordPress Yoast SEO Premium plugin 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Plugin Yoast SEO Premium versions 25.7-25.9...