11 matches found
CVE-2026-43875
The CVE describes a vulnerability in WWBN/AVideo where plugin/MobileManager/oauth2.php leaks the user password hash via a GET redirect: it redirects with Location: oauth2Success.php?user=&pass=, and the hash is the stored password hash (md5(hash("whirlpool", sha1(password)))) read from the users ...
CVE-2026-43875 WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=&pass= where is the victim's stored password hash md5(hash("whirlpool", sha1(password))) read directly fro...
EUVD-2024-52418
Malicious code in bioql PyPI...
CVE-2024-54295
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass. This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7...
CVE-2024-54295
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass. This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7...
CVE-2024-54295 WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass. This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7...
CVE-2024-54295 WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass. This issue affects ListApp Mobile Manager: from n/a through <= 1.7.7...
CVE-2024-54295
CVE-2024-54295 affects ListApp Mobile Manager. The issue is Missing Authorization to Privilege Escalation leading to Authentication Bypass (CVE-2024-54295). CVSS 3.1 base score 9.8 (CRITICAL); attack vector NETWORK, no user interaction required, impact to confidentiality, integrity, and availabil...
WordPress plugin ListApp Mobile Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...
PT-2024-36176 · Inspireui · Inspireui Listapp Mobile Manager
Name of the Vulnerable Software and Affected Versions: InspireUI ListApp Mobile Manager versions 1.7.7 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, which allows unauthorized access. Recommendations: For versions 1.7.7 and earlier,...
WordPress ListApp Mobile Manager plugin <= 1.7.7 - Account Takeover vulnerability
Account Takeover vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin ListApp Mobile Manager versions <= 1.7.7...