CVE-2026-34737 AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug endpoint that is accessible to any logged-in user, not just administrators. This endpoint processes Stripe webhook-style payloads and triggers subscription operations, includin...

Khoj 安全漏洞

Khoj is an open source application from Khoj AI. It can create ready-to-use personal AI agents for users. A security vulnerability exists in Khoj versions prior to 1.29.10, which stems from the presence of an insecure direct object reference IDOR vulnerability that allows any authenticated user t...