CVE-2026-34716

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the jQuery Toast Plugin, passing the caller's display name directly as the heading parameter. The toast plugin constructs the heading as...

Linux Distros Unpatched Vulnerability : CVE-2026-5281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via...

Linux Distros Unpatched Vulnerability : CVE-2026-5285

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-34982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user...

Linux Distros Unpatched Vulnerability : CVE-2026-5278

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page...

Linux Distros Unpatched Vulnerability : CVE-2026-5291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from proces...

Linux Distros Unpatched Vulnerability : CVE-2026-5283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2026-34739

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

CVE-2026-34739 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...

CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

CVE-2026-34716 AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the jQuery Toast Plugin, passing the caller's display name directly as the heading parameter. The toast plugin constructs the heading as...

CVE-2026-34394 AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

CVE-2026-34243

CVE-2026-34243 affects the Wenxian tool (versions up to 0.3.1 and earlier) where a GitHub Actions workflow uses untrusted input from issue_comment.body directly inside a shell command, enabling command injection and potential arbitrary code execution on the runner. The vulnerability stems from in...

CVE-2026-34036

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. In versions 22.0.4 and prior, there is a Local File Inclusion LFI vulnerability in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc parameter and exploiting...

PT-2026-29445

@jxnlco @emilyzsh I think he is referring to that recent CVE-2026-4417 — OpenAI Codex vulnerability where excessive usefulness leads to immediate $200/month spend escalation. No patch available; users report “this is actually worth it” before wallet compromise...

Linux Distros Unpatched Vulnerability : CVE-2026-5037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing ...

Linux Distros Unpatched Vulnerability : CVE-2017-20225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary chec...

CVE-2026-33697

Cocos AI is a confidential computing system for AI. The current implementation of attested TLS aTLS in CoCoS is vulnerable to a relay attack affecting all versions from v0.4.0 through v0.8.2. This vulnerability is present in both the AMD SEV-SNP and Intel TDX deployment targets supported by CoCoS...

Linux Distros Unpatched Vulnerability : CVE-2026-4726

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVE-2026-4726 Note that Nessus relies on the presence o...

Linux Distros Unpatched Vulnerability : CVE-2026-4725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. CVE-2026-4725 Note th...