CVE-2026-3115

creationtimestamp| type| source ---|---|--- 2026-03-27 03:00:09+00:00| seen| https://nvd.nist.gov/vuln/detail/CVE-2026-4274...

CVE-2026-3116

creationtimestamp| type| source ---|---|--- 2026-03-27 03:00:09+00:00| seen| https://nvd.nist.gov/vuln/detail/CVE-2026-4274...

CVE-2026-33735

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...

CVE-2026-33735

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...

CVE-2026-33735 MyTube has an Improper Access Control that Allows Complete Application Takeover

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...

CVE-2026-33735 MyTube has an Improper Access Control that Allows Complete Application Takeover

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...

CVE-2026-33735 MyTube has an Improper Access Control that Allows Complete Application Takeover

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...

EUVD-2026-16512

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the /api/settings/import-database endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database entirely, leading to a fu...

CVE-2026-33735

MyTube is affected by an authorization bypass in the /api/settings/import-database endpoint (and related POST routes) that lets low-privilege attackers upload and replace the application’s SQLite database, enabling full compromise. The issue precedes version 1.8.69, which contains the fix. Impact...

CVE-2026-33725 Metabase vulnerable to RCE and Arbitrary File Read via H2 JDBC INIT Injection in EE Serialization Import

Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution RCE and Arbitrary File Read via the...

CVE-2026-30533

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manageproduct.php file via the "id" parameter...

SourceCodester Online Food Ordering System 安全漏洞

The SourceCodester Online Food Ordering System is an open-source online meal ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Online Food Ordering System contains a security vulnerability. This vulnerability arises from the improper cleaning of the id parameter in th...

CVE-2026-30532

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

WeGIA SQL注入漏洞

WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.7 contained an SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter idtag in the file html/socio/sistema/deletartag.php, which could lead...

MyTube 安全漏洞

MyTube is a video self-hosted downloader and player developed by Peifan Li. Versions of MyTube prior to 1.8.69 contained a security vulnerability. This vulnerability stemmed from the/api/settings/import-database endpoint’s authorization bypass, which could allow low-privilege attackers to upload...

Ella Core 安全漏洞

Ella Core is an open-source solution developed by Ella Networks for use in private networks as a 5G core network solution. Versions of Ella Core prior to 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from the NetworkManager role being granted backup and restore...

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

PT-2026-28680

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

Shenzhen Ruiming Streamax Crocus 安全漏洞

Shenzhen Ruiming Streamax Crocus is a vehicle monitoring device developed by Shenzhen Ruiming. Versions of Shenzhen Ruiming Streamax Crocus prior to 1.3.44 contained a security vulnerability. This vulnerability stemmed from improper handling of the State parameter in the file/RemoteFormat.do, whi...

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...