16578 matches found
CVE-2025-36548
A cross-site scripting xss vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigg...
CVE-2025-46410
CVE-2025-46410 affects WWBN AVideo 14.4 and dev master commit 8a8954ff. Talos reports a reflected XSS in managerPlaylists.php via the PlaylistOwnerUsersId parameter due to insufficient input sanitization, enabling arbitrary Javascript execution when a user visits a crafted page. The vulnerability...
CVE-2025-46410
A cross-site scripting xss vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to...
CVE-2025-46410
A cross-site scripting xss vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to...
CVE-2025-53084
A cross-site scripting xss vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabili...
CVE-2025-53084
A cross-site scripting xss vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabili...
CVE-2025-53084
CVE-2025-53084 affects WWBN AVideo 14.4 and the dev master commit 8a8954ff. Talos reports a reflected XSS in the videosList.php page parameter handling (parameter: page) due to missing sanitization, enabling arbitrary JavaScript execution when a user visits a crafted page. The vulnerability is ex...
CVE-2025-50128
A cross-site scripting xss vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-50128
A cross-site scripting xss vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-36548
A cross-site scripting xss vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigg...
CVE-2025-41420
A cross-site scripting xss vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-41420
A cross-site scripting xss vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-48732
CVE-2025-48732 affects WWBN AVideo 14.4 and the dev master commit 8a8954ff. Cisco Talos reports an incomplete blacklist in videos/.htaccess: a crafted HTTP request can trigger arbitrary code execution by accessing a .phar file. The vulnerability is tied to a FilesMatch list that omits .phar, enab...
CVE-2025-48732
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability...
CVE-2025-48732
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability...
PT-2025-30676 · Wwbn +1 · Avideo +1
Name of the Vulnerable Software and Affected Versions: WWBN AVideo version 14.4 WWBN AVideo dev master commit 8a8954ff Description: A cross-site scripting xss issue exists in the LoginWordPress loginForm cancelUri parameter functionality. A crafted HTTP request can lead to arbitrary Javascript...
PT-2025-30678 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff Description: A cross-site scripting xss vulnerability exists due to the PlaylistOwnerUsersId parameter functionality within the managerPlaylists component. A specially crafted HTTP...
WWBN AVideo .htaccess sample incomplete blacklist vulnerability
Talos Vulnerability Report TALOS-2025-2213 WWBN AVideo .htaccess sample incomplete blacklist vulnerability July 24, 2025 CVE Number CVE-2025-48732 SUMMARY An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request ca...
Security Bulletin: IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM Security QRadar Network Threat Analytics app for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION:...
Exploit for CVE-2025-6082
CVE-2025-6082 Full Path Disclosure PoC Author: Byte Reape...