Lucene search
K

1686 matches found

EUVD
EUVD
added 2026/04/08 12:8 a.m.3 views

EUVD-2026-19879

WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page...

5.4CVSS5.9AI score0.00195EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/08 12:8 a.m.7 views

WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

Summary AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglink to a malicious XML file whose elements contain JavaScript. This...

5.4CVSS5.9AI score0.00195EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/07 8:16 p.m.10 views

CVE-2026-39367

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

5.4CVSS0.00195EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:22 p.m.3 views

CVE-2026-39367

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

5.4CVSS5.8AI score0.00195EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/04/07 7:16 p.m.3 views

CVE-2026-39349

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.7CVSS0.00112EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 6:22 p.m.3 views

CVE-2026-39349 OrangeHRM Uses AES-ECB for Sensitive Data Encryption Enables Pattern Disclosure

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.1CVSS5.9AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 6:22 p.m.5 views

EUVD-2026-19859

OrangeHRM is a comprehensive human resource management HRM system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability i...

2.1CVSS5.9AI score0.00112EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 6:22 p.m.12 views

CVE-2026-39349

CVE-2026-39349 affects OrangeHRM Open Source versions 5.0 through 5.8, where certain sensitive fields were encrypted with AES in ECB mode, preserving block patterns and enabling potential pattern disclosure in stored data. The issue is fixed in 5.8.1. Details confirmed by the provided description...

2.7CVSS5.9AI score0.00112EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

OrangeHRM 加密问题漏洞

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained a security...

2.7CVSS5.8AI score0.00112EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-30986

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epg li...

5.4CVSS5.8AI score0.00195EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/01 9:8 p.m.9 views

EUVD-2026-17660

AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL Validation...

6.5CVSS5.8AI score0.00323EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 8:57 p.m.14 views

CVE-2026-34740

WWBN AVideo (versions 26.0 and prior) contains a stored SSRF in the EPG link feature. Authenticated users with upload permissions can store arbitrary URLs that the server fetches on each EPG page visit. The URL validation relies only on PHP FILTER_VALIDATE_URL, which accepts internal network addr...

6.5CVSS6AI score0.00323EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.11 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the lack of SRF protection in the EPG link function, which could lead to storage-side request forgery...

6.5CVSS5.9AI score0.00323EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.6 views

CVE-2026-33918

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint interface/billing/getclaimfile.php only verifies that the caller has a valid session and CSRF token, but does not check any ACL...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.4 views

CVE-2026-34056

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...

7.7CVSS5.8AI score0.00271EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.6 views

CVE-2026-32757

Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $POST'ecardmessage' value instead of the HTMLPurifier-sanitized $formValues'ecardmessage' when constructing the greeting card HTML. This allows an authenticated attacker to inject...

5.4CVSS5.8AI score0.00227EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.11 views

Wecodex SAT CFDI SQL注入漏洞

Wecodex SAT CFDI is an electronic invoice generation and management system developed by Wecodex Corporation. Version 3.3 of Wecodex SAT CFDI contains a SQL injection vulnerability, which stems from insufficient input validation for the id parameter. This vulnerability may lead to SQL injection...

8.8CVSS5.9AI score0.00245EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/25 11:53 p.m.4 views

CVE-2026-34056

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...

7.7CVSS5.8AI score0.00271EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/25 11:53 p.m.4 views

EUVD-2026-16050

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...

7.7CVSS5.8AI score0.00271EPSS
Exploits1References2
OSV
OSV
added 2026/03/25 11:13 p.m.4 views

CVE-2026-33914 OpenEMR has SQL Injection in PostCalendar Category Delete

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...

7.2CVSS6AI score0.00425EPSS
Exploits1References5
Rows per page
Query Builder