12 matches found
CVE-2026-45620
WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...
CVE-2026-45620
WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...
EUVD-2026-33307
WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...
CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration
WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...
WWBN AVideo 授权问题漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an authorization vulnerability. This vulnerability stemmed from the absence of user login checks and administrator gatekeeping in the objects/mention.json.php file...
PT-2026-38637
Name of the Vulnerable Software and Affected Versions Next.js affected versions not specified Description An authorization bypass exists in applications that use middleware to protect dynamic routes. Attackers can use specially crafted query parameters to alter the dynamic route value perceived b...
Joomla! CMS 访问控制错误漏洞
Joomla! CMS is a content management system developed under the open source Joomla! framework. There is an access control vulnerability in the Joomla! CMS. This vulnerability arises from the fact that the ajax component in the administration area is excluded from the default login user checks, whi...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an inability to block simultaneous check and update failed login attempts. The following versions are affected: versions 10.1.x through...
CVE-2021-4346
The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stmlistingprofileedit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog,...
CVE-2021-4346
The uListing plugin for WordPress is vulnerable to Unauthenticated Arbitrary Account Changes in versions up to, and including, 1.6.6. This is due to missing login checks on the stmlistingprofileedit AJAX action. This makes it possible for unauthenticated attackers to edit any account on the blog,...
Artica Integria IMS has an unspecified vulnerability
Artica Integria IMS is a web-based help desk software from the Spanish company Artica. The software features SLA tracking, workflow management, personalized reporting and email management.A security vulnerability exists in the Artica Integria IMS login checks, which could be exploited by an...
WordPress membership-simplified-for-oap-members-only plugin arbitrary file download vulnerability
WordPress membership-simplified-for-oap-members-only is a membership plugin developed for WordPress. An arbitrary file download vulnerability exists in the WordPress membership-simplified-for-oap-members-only version 1.58 plugin, which stems from the program failing to detect whether a user is...