37452 matches found
CVE-2026-32202
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-32225
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...
PYSEC-2026-156
Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable the webhook add-on as a workaround...
File-Cleaner-
I learn from this Project w Never trust user input: Attackers c...
Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Gen Self...
PT-2026-33189
Avast Premium Security Gen Self Protection Driver Exposed Dangerous Function Local Privilege Escalation Vulnerability...
frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control
Summary frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...
WWBN AVideo is missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators
Summary objects/commentDelete.json.php is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It does not call forbidIfIsUntrustedRequest, does not verify a CSRF/global token, and does not check Origin/Referer. Because AVideo intentionally sets...
WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update Script)
Summary Three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and perform state-changing actions against the database without calling...
GHSA-VVFW-4M39-FJQF WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials
Summary objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not verify a globalToken, and does not validate the Origin/Referer...
Protection Mechanism Failure
Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the collect process. An attacker can gain unauthorized access to restricted template functionality by leveraging insufficient sandbox restrictions when authenticated with backend access and template editi...
EUVD-2026-22613
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...
EUVD-2026-22333
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection...
CVE-2026-32225
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-32202
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-32171
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...
CVE-2026-32225
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-32202
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-32202
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-27316
A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed administrator to read LDAP server credentials via client-side inspection...