CVE-2026-40935 WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

ZZCMS 安全漏洞

ZZCMS is a content management system CMS from the ZZCMS team in China. A security vulnerability exists in ZZCMS version 2023, which stems from the checkyzm function failing to properly refresh the CAPTCHA value after a failed validation attempt...

Confluence's create-content operation takes up to 20 minutes to completely render the Create dialog

h3. Issue Summary Confluence's create-content operation clicking the "..." button next to the Create button at the top left results in a create-dialog window that can take up to 20 minutes to fully render. This is reproducible on Data Center: yes h3. Steps to Reproduce On an affected version of...