82266 matches found

CNNVD
added 2026/01/24 12:0 a.m., 4 views

MyTube security vulnerability

MyTube is a video self-hosting downloader and player developed by Peifan Li. Versions of MyTube prior to 1.7.78 contained a security vulnerability, which stemmed from improper permission verification at the database export endpoint. This vulnerability could allow low-privilege users to access...

CVSS 8.7, AI score 5.8, EPSS 0.00317
Exploits: 0, References: 3

Vulnrichment
added 2026/01/23 11:59 p.m., 5 views

CVE-2026-24140 MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVSS 2.7, AI score 5.9, EPSS 0.00284
Exploits: 1, References: 2

ATTACKERKB
added 2026/01/23 11:59 p.m., 2 views

CVE-2026-24140

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient input validation. The application's saveSettings function accepts arbitrary key-value pairs without...

CVSS 5.3, AI score 5.9, EPSS 0.00284
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2026/01/23 11:55 p.m., 27 views

CVE-2026-24139 MyTube Allows Unauthorized Database Export by Guest Users

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

CVSS 8.7, EPSS 0.00317
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/23 11:55 p.m., 3 views

CVE-2026-24139

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

CVSS 8.7, AI score 5.9, EPSS 0.00317
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/01/23 11:55 p.m., 4 views

CVE-2026-24139 MyTube Allows Unauthorized Database Export by Guest Users

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

CVSS 8.7, AI score 5.9, EPSS 0.00317
Exploits: 0, References: 2

CVE
added 2026/01/23 11:55 p.m., 12 views

CVE-2026-24139

CVE-2026-24139 affects MyTube (versions 1.7.78 and earlier) and is caused by improper validation of user permissions on the database export endpoint, enabling guest/low-privilege users to bypass authorization and download the complete application database. RedHat, NVD, and PTSecurity sources conf...

CVSS 8.7, AI score 5.6, EPSS 0.00317
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2026/01/23 11:55 p.m., 5 views

CVE-2026-24139 MyTube Allows Unauthorized Database Export by Guest Users

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export...

CVSS 8.7, AI score 5.6, EPSS 0.00317
Exploits: 0, References: 4

RedhatCVE
added 2026/01/23 9:16 p.m., 3 views

CVE-2025-49050

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection. This issue affects WP Lead Capturing Pages: from n/a through <= 2.5...

CVSS 8.5, AI score 5.6, EPSS 0.0037
Exploits: 0, References: 1

NVD
added 2026/01/23 3:16 p.m., 5 views

CVE-2025-69907

An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration...

CVSS 7.5, EPSS 0.00521
Exploits: 0, References: 2

CVE
added 2026/01/23 2:29 p.m., 13 views

CVE-2026-24624

CVE-2026-24624 is an SQL injection vulnerability in the SAEROS1984 Neoforum plugin for WordPress that allows Blind SQL Injection in Neoforum versions up to 1.0. Public risk details mention the affected product and vulnerability type; no patch or fixed-version details are provided in the connected documents.

CVSS 7.6, AI score 5.6, EPSS 0.00309
Exploits: 0, References: 1

Vulnrichment
added 2026/01/23 2:28 p.m., 2 views

CVE-2026-24572 WordPress Nelio Content plugin <= 4.2.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection. This issue affects Nelio Content: from n/a through <= 4.2.0...

CVSS 8.5, AI score 5.8, EPSS 0.00327
Exploits: 0, References: 1

EUVD
added 2026/01/23 2:28 p.m., 3 views

EUVD-2026-4381

Missing Authorization vulnerability in uPress Booter booter-bots-crawlers-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booter: from n/a through <= 1.5.7...

AI score 5.4, EPSS 0.00235
Exploits: 0, References: 2

IBM Security Bulletins
added 2026/01/23 1:15 p.m., 8 views

Security Bulletin: Multiple vulnerabilities in IBM Db2 affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerabilities in IBM® Db2® 11.5 & 12.1 affect IBM Db2 Big SQL 7 on IBM Cloud Pak for Data 5.1 and earlier. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1, 11.5, and 12.1 is vulnerable to a denial of...

CVSS 7.5, AI score 5.8, EPSS 0.00696
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/23 12:45 p.m., 7 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Multiple vulnerabilities in IBM® Db2® 11.5 affect IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4 & 5 Vulnerability Details CVEID:CVE-2024-31882 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1 and 11.5 is vulnerable to a denial of service, under specific...

CVSS 6.5, AI score 5.8, EPSS 0.00566
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/01/23 12:14 p.m., 9 views

Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data

Summary Multiple vulnerabilities in IBM Db2 12.1 affect IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-33012 DESCRIPTION: IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux...

CVSS 8.8, AI score 6.2, EPSS 0.00542
Exploits: 0, Affected Software: 1

Wired Threat Level
added 2026/01/23 11:0 a.m., 5 views

149 Million Usernames and Passwords Exposed by Unsecured Database

This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware...

AI score 5.4
Exploits: 0

EUVD
added 2026/01/23 9:42 a.m., 5 views

EUVD-2026-4417

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure...

CVSS 5.5, AI score 5.4, EPSS 0.00094
Exploits: 0, References: 2

Patchstack
added 2026/01/23 9:10 a.m., 7 views

WordPress Coven Core plugin <= 1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Coven Core versions <= 1.3...

CVSS 9.3, AI score 5.8, EPSS 0.0041
Exploits: 2, Affected Software: 1

EUVD
added 2026/01/23 8:54 a.m., 4 views

EUVD-2026-4422

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information exposure...

CVSS 7.5, AI score 5.5, EPSS 0.00192
Exploits: 0, References: 2