11 matches found
CVE-2026-24140 MyTube has Mass Assignment via Settings Management
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
CVE-2026-24140
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
PT-2026-4538
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...
CVE-2025-67263
Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these...
CVE-2025-67263
CVE-2025-67263 affects Abacre Retail Point of Sale 14.0.0.396 in the Clients module. The vulnerability is a stored XSS caused by failing to properly sanitize user-supplied input in the Name and Surname fields, which is persisted in the database. An attacker can inject HTML or script content that ...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow
Summary: The software constructs all or part of an SQL command using externally-controlled input, but it does not properly neutralize that input, which could modify the intended SQL command when it is sent to a database interaction method (e.g. JDBC). Commonly a database table contains information tha...
Insecure Direct Object Reference (IDOR)
in2code/powermail is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient validation of the mail parameter in the confirmationAction of the Powermail extension, allowing an unauthenticated attacker to display user-submitted data of all forms persisted by t...
Broker: discloses JDBC username and password in the application log file
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the MyAccountPortlet fields such as First Name, Middle Name, and Last Name. A user can inject malicious scripts that persist within the database and are executed when other users view these modified fields...
DEBIAN-CVE-2018-20743
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood...
Distributed Security Alerting: Securitybot
Distributed Security Alerting: Securitybot is an open-source implementation of a distributed alerting chat bot, as described in Ryan Huber’s blog post. Distributed alerting improves the monitoring efficiency of your security team and can help you catch security incidents faster and more...