5 matches found
CVE-2026-41317
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). press.api.account.createapisecret is prone to CSRF-like exploits. This endpoint writes to database and it is also accessible via GET method. The patch in commit...
CVE-2026-40928
WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under objects/ accept state-changing requests via $_REQUEST/$_GET and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malicious...
CVE-2025-68927
Libredesk is a self-hosted customer support desk. Prior to version 0.8.6-beta, LibreDesk is vulnerable to stored HTML injection in the contact notes feature. When adding notes via POST /api/v1/contacts/id/notes, the backend automatically wraps user input in tags. However, by intercepting the...
Comodo GeekBuddy 4.18.121 - Local Privilege Escalation
Comodo GeekBuddy Local Privilege Escalation CVE-2014-7872 Jeremy Brown jbrown3264/gmail -Synopsis- Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall and Comodo Internet Security, runs a passwordless, background VNC...
Comodo GeekBuddy < 4.18.121 - Local Privilege Escalation
Comodo GeekBuddy Local Privilege Escalation CVE-2014-7872 Jeremy Brown jbrown3264/gmail -Synopsis- Comodo GeekBuddy, which is bundled with Comodo Anti-Virus, Comodo Firewall and Comodo Internet Security, runs a passwordless, background VNC server and listens for incoming connections. This can all...