Github Security Blog
added 2026/04/04 6:17 a.m., 9 views

AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php

Summary: The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesystem paths, remote server URLs, and SSH connection metadata. Details...

CVSS 5.3, AI score 5.9, EPSS 0.00367
Exploits 1, References 3, Affected Software 1
Snyk
added 2026/04/04 6:16 a.m., 0 views

Information Exposure

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the install/test.php script when the command-line interface guard is disabled. An attacker can access sensitive information such as viewer...

CVSS 6.9, AI score 5.8, EPSS 0.00332
Exploits 1, References 2
Github Security Blog
added 2026/04/04 6:16 a.m., 6 views

AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php

Summary: The install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP addresses, session IDs, and user agents to unauthenticated visitors...

CVSS 5.3, AI score 5.9, EPSS 0.00332
Exploits 1, References 3, Affected Software 1
Positive Technologies
added 2026/04/04 12:00 a.m., 5 views

PT-2026-30336

Name of the Vulnerable Software and Affected Versions: AVideo versions 26.0 and prior. Description: The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without authentication. Other endpoints in the CloneSite plugin directory enforce User::isAdmin. The log contains...

CVSS 5.3, AI score 6, EPSS 0.00367
Exploits 1, References 5
CNNVD
added 2026/04/04 12:00 a.m., 7 views

NETGATE Amiti Antivirus code issue vulnerability

NETGATE Amiti Antivirus is an antivirus product developed by the Slovak company NETGATE. NETGATE Amiti Antivirus build 23.0.305 has a code vulnerability. This vulnerability stems from service paths in the AmitiAvSrv and AmitiAntivirusHealth services that are not properly quoted. This could allow...

CVSS 8.5, AI score 7.4, EPSS 0.00718
Exploits 1, References 4
CNNVD
added 2026/04/04 12:00 a.m., 7 views

IOBit Malware Fighter code issue vulnerability

IOBit Malware Fighter is a set of antivirus software developed by IOBit for Windows platforms. This software includes features such as anti-malware and virus protection. Version 4.3.1 of IOBit Malware Fighter has a code vulnerability. This vulnerability stems from service paths in the IMFservice...

CVSS 8.5, AI score 7.4, EPSS 0.00176
Exploits 1, References 4
EUVD
added 2026/04/03 9:31 p.m., 1 view

EUVD-2022-55962

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...

CVSS 7.3, AI score 6.2, EPSS 0.00122
Exploits 0, References 3
RedhatCVE
added 2026/04/03 8:51 p.m., 4 views

CVE-2026-34826

A flaw was found in Rack. A remote attacker can exploit this by sending a specially crafted HTTP Range header containing numerous small, overlapping byte ranges. This can cause disproportionate consumption of CPU, memory, I/O, and bandwidth resources. The result is a Denial of Service (DoS) conditi...

CVSS 7.5, AI score 5.8, EPSS 0.0038
Exploits 0, References 4
RedhatCVE
added 2026/04/03 8:25 p.m., 3 views

CVE-2026-34763

A flaw was found in Rack. A remote attacker could exploit a vulnerability in Rack::Directory's handling of root paths. When the configured root path contains special regular expression characters, the directory listing generation can fail to properly strip the path prefix. This can lead to the...

CVSS 5.3, AI score 5.8, EPSS 0.0024
Exploits 0, References 4
EUVD
added 2026/04/03 6:31 p.m., 3 views

EUVD-2026-18728

In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe. In mpfs_sys_controller_probe, if of_get_mtd_device_by_node fails, the function returns immediately without freeing the allocated memory for sys_controller, leading to a memor...

AI score 5.7, EPSS 0.00122
Exploits 0, References 5
EUVD
added 2026/04/03 6:31 p.m., 1 view

EUVD-2026-18688

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb failure. ieee80211_tx_prepare_skb has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare returning TX_DROP) does not free it, while...

AI score 5.8, EPSS 0.00129
Exploits 0, References 4
Snyk
added 2026/04/03 4:07 a.m., 0 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the put function. An attacker can write arbitrary files to any location on the filesystem by sending crafted HTTP PUT requests with specially constructed paths that traverse directories. PoC: #!/usr/bin/env bash...

CVSS 9.8, AI score 6.3, EPSS 0.00683
Exploits 1, References 2
Snyk
added 2026/04/02 8:59 p.m., 3 views

Replay Attack

Overview: @openclaw/zalo is an OpenClaw Zalo channel plugin. Affected versions of this package are vulnerable to Replay Attack in the replay deduplication process. An attacker can bypass intended access restrictions by reusing messageId values across authenticated sibling-target delivery paths...

CVSS 5.4, AI score 5.8, EPSS 0.00274
Exploits 0, References 2
Snyk
added 2026/04/02 8:59 p.m., 13 views

Replay Attack

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Replay Attack in the replay deduplication process. An attacker can bypass intended access restrictions by reusing messageId values across authenticated sibling-target delivery paths...

CVSS 5.4, AI score 5.4, EPSS 0.00274
Exploits 0, References 2
EUVD
added 2026/04/02 8:32 p.m., 1 view

EUVD-2026-18380

Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory...

CVSS 5.3, AI score 5.9, EPSS 0.0024
Exploits 0, References 2
OSV
added 2026/04/02 6:44 p.m., 3 views

GHSA-Q4QF-9J86-F5MH Rack::Static header_rules bypass via URL-encoded paths

Summary: Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...

CVSS 5.3, AI score 5.9, EPSS 0.00195
Exploits 0, References 4
Github Security Blog
added 2026/04/02 6:44 p.m., 5 views

Rack::Static header_rules bypass via URL-encoded paths

Summary: Rack::Static#applicable_rules evaluates several header_rules types against the raw URL-encoded PATH_INFO, while the underlying file-serving path is decoded before the file is served. As a result, a request for a URL-encoded variant of a static path can serve the same file without the headers...

CVSS 5.3, AI score 5.9, EPSS 0.00195
Exploits 0, References 4, Affected Software 1
Github Security Blog
added 2026/04/02 6:36 p.m., 6 views

Axios supply chain attack - dependency in @lightdash/cli may resolve to compromised axios versions

Impact: A supply chain attack on the axios npm package versions 1.14.1 and 0.30.4 introduced a malicious transitive dependency [email protected] that deploys a cross-platform remote access trojan (RAT) on macOS, Windows, and Linux. The attacker compromised the primary axios maintainer's npm...

AI score 6.1
Exploits 0, References 9, Affected Software 1
Snyk
added 2026/04/02 6:20 p.m., 5 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...

CVSS 6.9, AI score 5.9, EPSS 0.00195
Exploits 0, References 2
Snyk
added 2026/04/02 6:20 p.m., 4 views

Permissive Regular Expression

Overview: rack is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a singl...

CVSS 6.9, AI score 5.9, EPSS 0.0024
Exploits 0, References 2