CVE-2026-24140

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2026-24140 MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2026-24140

CVE-2026-24140 involves a mass assignment vulnerability in MyTube (versions 1.7.78 and earlier) where the saveSettings() function accepts arbitrary key-value pairs and persists them to the database without validating property names. The underlying cause is input handling with Record and unfiltere...

CVE-2026-24140

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2026-24140 MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2026-24140 MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2025-69182

Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through = 1.3.4...

CVE-2025-69292

Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through = 1.6.4...

CVE-2025-69293

Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through = 1.2.5...

CVE-2025-69183

Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through = 1.3.9...

CVE-2025-50007

Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through = 1.2.9.4...

CVE-2025-67966

Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through = 1.3.3...

CVE-2025-67953

Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through = 1.16.44...

CVE-2025-68869

Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through = 1.2.37...

CVE-2025-68027

Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through = 1.1.32...

CVE-2025-14866 Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment

The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check on the 'savesecondaryrolesfield' function. This makes it possible for authenticated attackers, with Subscriber-level...

WordPress Melapress Role Editor plugin <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment vulnerability

Improper Authorization to Authenticated Subscriber+ Privilege Escalation via Secondary Role Assignment vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Melapress Role Editor versions = 1.1.1...

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

PT-2026-4538

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVE-2026-22280

Dell PowerScale OneFS has a vulnerability caused by an incorrect permission assignment for a critical resource. A low-privileged attacker with local access could potentially exploit this to cause denial of service. Affected versions include 9.5.0.0–9.5.1.5, 9.6.0.0–9.7.1.10, 9.8.0.0–9.10.1.3, and...