CVE-2026-34396

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

MiracleLinux 8 : cyrus-sasl-2.1.27-6.el8 (AXSA:2022-3081:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3081:01 advisory. cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands CVE-2022-24407 Tenable has extracted the preceding...

CVE-2025-15265

A flaw was found in Svelte. A remote attacker can exploit this Cross-Site Scripting XSS vulnerability during asynchronous hydration by providing specially crafted input. This input, when processed, allows for the injection of arbitrary JavaScript into a user's browser due to improper escaping of...

CVE-2025-25029 IBM Security Guardium information disclosure

IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input...

cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for othe...