39 matches found
CVE-2026-24140
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
CVE-2026-24140
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
MyTube security vulnerability
MyTube is a self-hosted video downloader and player developed by Peifan Li. Versions of MyTube prior to 1.7.78 contained security vulnerabilities that stemmed from insufficient input validation in the settings management function. These vulnerabilities could lead to large-scale distribution...
CVE-2026-24140 MyTube has Mass Assignment via Settings Management
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
CVE-2026-24140
CVE-2026-24140 involves a mass assignment vulnerability in MyTube (versions 1.7.78 and earlier) where the saveSettings() function accepts arbitrary key-value pairs and persists them to the database without validating property names. The underlying cause is input handling with Record and unfiltere...
CVE-2026-24140 MyTube has Mass Assignment via Settings Management
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
PT-2026-4538
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
[SECURITY] Fedora 43 Update: python-pydantic-2.12.4-1.fc43
Data validation and settings management using Python type hinting...
[SECURITY] Fedora 43 Update: python-pydantic-2.12.3-1.fc43
Data validation and settings management using Python type hinting...
EUVD-2021-30225
Malicious code in bioql PyPI...
EUVD-2024-51356
Malicious code in bioql PyPI...
CVE-2024-7984
The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-24734
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on Change Settings pages. This resul...
School Log Management System 1.0 SQL Injection / Code Execution
Title: School Log Management System 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser :...
Simple College Website 1.0 SQL Injection / Code Execution
Title: Simple College Website 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla...
[SECURITY] Fedora 38 Update: python-pydantic-1.10.14-5.fc38
Data validation and settings management using Python type hinting...
BIT-MYBB-2021-43281
MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type "php" with PHP code, executed o...
Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms
It’s no secret that ransomware is top of mind for many chief information security officers (CISOs) as the number of attacks has increased exponentially. As seen in the latest Microsoft Digital Defense Report, our “telemetry indicates that organizations faced an increased rate of ransomware attacks...
Ubuntu 20.04 ESM : Pydantic vulnerability (USN-6553-1)
The remote Ubuntu 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-6553-1 advisory. Nina Jensen discovered that Pydantic incorrectly handled user input in the date and datetime fields. An attacker could possibly use this issue to cause a denial o...
Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise
For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and showcas...