16589 matches found
CVE-2025-50128
A cross-site scripting (XSS) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-36548
A cross-site scripting (XSS) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigg...
CVE-2025-41420
A cross-site scripting (XSS) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-48732
CVE-2025-48732 affects WWBN AVideo 14.4 and the dev master commit 8a8954ff. Cisco Talos reports an incomplete blacklist in videos/.htaccess: a crafted HTTP request can trigger arbitrary code execution by accessing a .phar file. The vulnerability is tied to a FilesMatch list that omits .phar, enab...
CVE-2025-48732
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability...
PT-2025-30678 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff. Description: A cross-site scripting (XSS) vulnerability exists due to the PlaylistOwnerUsersId parameter functionality within the managerPlaylists component. A specially crafted HTTP...
PT-2025-30676 · Wwbn +1 · Avideo +1
Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 14.4; WWBN AVideo dev master commit 8a8954ff. Description: A cross-site scripting (XSS) issue exists in the LoginWordPress loginForm cancelUri parameter functionality. A crafted HTTP request can lead to arbitrary JavaScript...
WWBN AVideo .htaccess sample incomplete blacklist vulnerability
Talos Vulnerability Report TALOS-2025-2213 WWBN AVideo .htaccess sample incomplete blacklist vulnerability July 24, 2025 CVE Number CVE-2025-48732 SUMMARY An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request ca...
Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-1135 DESCRIPTION:...
Exploit for CVE-2025-6082
CVE-2025-6082 Full Path Disclosure PoC Author: Byte Reape...
CVE-2025-7790
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menunat.asp of the component HTTP Request Handler. The manipulation of the argument outaddr/inaddr/outport/proto leads to stack-based buffer overflow. It is possib...
CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...
CVE-2025-7762
A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menunatmore.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotel...
CVE-2025-7790 D-Link DI-8100 HTTP Request menu_nat.asp stack-based overflow
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menunat.asp of the component HTTP Request Handler. The manipulation of the argument outaddr/inaddr/outport/proto leads to stack-based buffer overflow. It is possib...
CVE-2025-7790
The CVE-2025-7790 entry concerns the D-Link DI-8100 router, firmware 16.07.26A1. A stack-based buffer overflow exists in the HTTP Request Handler, specifically in the /menu_nat.asp/file handling of arguments out_addr/in_addr/out_port/proto, which can be triggered remotely. Public exploits have be...
GHSA-R7Q6-6FMQ-MX4C Filemanager is vulnerable to Relative Path Traversal through filemanager.php
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint...