CVE-2026-28502 WWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction

WWBN AVideo is an open source video platform. Prior to version 24.0, an authenticated Remote Code Execution RCE vulnerability was identified in AVideo related to the plugin upload/import functionality. The issue allowed an authenticated administrator to upload a specially crafted ZIP archive...

PT-2023-26153 · Unknown · Dimitar Ivanov Http Headers

Name of the Vulnerable Software and Affected Versions: Dimitar Ivanov HTTP Headers plugin versions prior to 1.18.12 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects authenticated administrators. This vulnerability allows for malicious scripts to be...