
OSV, added 2026/04/04 6:16 a.m., 1 view

GHSA-2VG4-RRX4-QCPQ AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php

Summary: The plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FFmpeg management endpoints (kill.ffmpeg.json.php, list.ffmpeg.json.php, ffmpeg.php) require User::isAdmin. Details: The entire...

CVSS 5.3 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 3
Veracode, added 2026/04/04 5:31 a.m., 3 views

Authentication Bypass

litellm is vulnerable to Authentication Bypass. The vulnerability is due to weak cache key generation using only the first 20 characters of JWT tokens, which allows an attacker to craft a token with a matching prefix and gain unauthorized access by inheriting another user's identity...

CVSS 9.4 | AI score 5.8 | EPSS 0.00048
Exploits: 1 | References: 2 | Affected software: 1
RedhatCVE, added 2026/04/04 4:59 a.m., 1 view

CVE-2026-5454

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key. The attack is...

CVSS 4.8 | AI score 5.5 | EPSS 0.00005
Exploits: 0 | References: 1
Positive Technologies, added 2026/04/04 12:00 a.m., 0 views

PT-2026-30318

Summary: The file lightrag/api/config.py line 397 uses a default JWT secret "lightrag-jwt-default-secret" when the TOKEN SECRET environment variable is not set. The AuthHandler in lightrag/api/auth.py lines 24-25 uses this secret to sign and verify tokens. An unauthenticated attacker can forge...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 4
Tenable Nessus, added 2026/04/04 12:00 a.m., 1 view

openSUSE 16 Security Update : kea (openSUSE-SU-2026:20452-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20452-1 advisory. Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert (bsc#1252863). - CVE-2026-3608: stack overflow via maliciously crafted message...

CVSS 7.5 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 6
Snyk, added 2026/04/03 11:33 p.m., 0 views

Missing Authorization

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via the publishInstagram.json.php endpoint, which acts as a proxy to the Instagram Graph API without enforcing authorization checks. An...

CVSS 6.9 | AI score 5.8 | EPSS 0.00097
Exploits: 1 | References: 2
RedhatCVE, added 2026/04/03 11:02 p.m., 2 views

CVE-2026-34608

NanoMQ MQTT Broker: NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb function processes nng messages by parsing the message body with cJSON_Parse(body). The body is obtained from nng_msg_body(msg), which is a binary buffer without a...

CVSS 8.2 | AI score 6 | EPSS 0.00083
Exploits: 1 | References: 1
Github Security Blog, added 2026/04/03 10:01 p.m., 12 views

fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)

Summary: fast-jwt does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...

CVSS 7.5 | AI score 5.9 | EPSS 0.00029
Exploits: 1 | References: 5 | Affected software: 1
Github Security Blog, added 2026/04/03 9:59 p.m., 8 views

LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact: When JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...

CVSS 9.4 | AI score 5.9 | EPSS 0.00048
Exploits: 1 | References: 3 | Affected software: 1
CVE, added 2026/04/03 8:59 p.m., 3 views

CVE-2026-26058

Zulip (open-source team collaboration tool) is affected in versions 1.4.0 up to, but not including, 11.6. The vulnerability arises in the import path where ./manage.py import can read arbitrary server files due to path traversal in uploads/records.json. A crafted export tarball can cause the serv...

CVSS 6.1 | AI score 6 | EPSS 0.00006
Exploits: 1 | References: 2 | Affected software: 1
EUVD, added 2026/04/03 8:59 p.m., 0 views

EUVD-2026-18838

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

CVSS 6.1 | AI score 6 | EPSS 0.00006
Exploits: 1 | References: 2
Cvelist, added 2026/04/03 8:59 p.m., 19 views

CVE-2026-26058 Zulip: Path Traversal in Import

Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arbitrary files from the server filesystem via path traversal in uploads/records.json. A crafted export tarball causes the server to copy any file the zulip user can read into the...

CVSS 6.1 | EPSS 0.00006
Exploits: 1 | References: 2
IBM Security Bulletins, added 2026/04/03 8:36 p.m., 4 views

Security Bulletin: IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint (CVE-2025-13855).

Summary: IBM Storage Protect Server provides a JSON-RPC endpoint through which authenticated users can execute backend SQL SELECT queries and access data from internal database tables, potentially exposing administrative metadata. Vulnerability Details: CVEID: CVE-2025-13855. DESCRIPTION: IBM Storage...

CVSS 8.8 | AI score 6.1 | EPSS 0.00123
Exploits: 0 | Affected software: 1
NVD, added 2026/04/03 8:16 p.m., 3 views

CVE-2026-25726

Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now().UnixNano() to generate critical security secrets, including the secret_key and hash_id_salt. These secrets are generated...

CVSS 9.8 | EPSS 0.00022
Exploits: 0 | References: 2
CVE, added 2026/04/03 8:06 p.m., 8 views

CVE-2026-25726

CVE-2026-25726 (Cloudreve): Prior to 4.13.0, Cloudreve uses the weak Go PRNG math/rand seeded with time.Now().UnixNano() to generate critical secrets (secret_key, hash_id_salt) stored in the DB. An attacker can fetch the administrator account creation time via public APIs, brute-force the PRNG s...

CVSS 9.8 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 2 | Affected software: 1
EUVD, added 2026/04/03 6:31 p.m., 1 view

EUVD-2026-18799

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current_key results in use of hard-coded cryptographi...

CVSS 4.8 | AI score 5.5 | EPSS 0.00005
Exploits: 0 | References: 5
RedhatCVE, added 2026/04/03 4:59 p.m., 1 view

CVE-2026-35168

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database) that accepts a JSON array of SQL statements via PO...

CVSS 8.8 | AI score 6.2 | EPSS 0.00034
Exploits: 1 | References: 1
Cvelist, added 2026/04/03 3:45 p.m., 18 views

CVE-2026-5471 Investory Toy Planet Trouble App app.investory.toyfactory google-services-desktop.json hard-coded key

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current_key results in use of hard-coded cryptographi...

CVSS 4.8 | EPSS 0.00005
Exploits: 0 | References: 4
EUVD, added 2026/04/03 9:30 a.m., 2 views

EUVD-2026-18603

A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.json of the component ca.diagram.dialogue. Executing a manipulation of the argument SEGMENTWRITEKEY can lead to use of hard-coded cryptographic key...

CVSS 4.8 | AI score 5.4 | EPSS 0.00012
Exploits: 0 | References: 5
EUVD, added 2026/04/03 6:31 a.m., 3 views

EUVD-2026-18599

A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the component co.gridapp.organiser. Performing a manipulation of the argument SegmentWriteKey results in use of hard-coded cryptographic key. The attack is...

CVSS 4.8 | AI score 5.4 | EPSS 0.00005
Exploits: 0 | References: 5