CVE-2026-41653 BentoPDF: Stored XSS via Markdown Editor Leading to Persistent File Exfiltration

BentoPDF is a client-side PDF toolkit that is self hostable. Prior to version 2.8.3, a cross-site scripting vulnerability was identified in BentoPD. An attacker may be able to execute arbitrary JavaScript in certain circumstances in Markdown to PDF Tool. This issue has been patched in version 2.8...

CVE-2026-33717 AVideo Vulnerable to Remote Code Execution via Persistent PHP Temp File in Encoder downloadURL with Resolution Validation Abort

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing...

Researchers Outline Bugs in Yahoo, PayPal, Magento

Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, and phishing, among other consequences. Hadji Samir, Ebrahim Hegazy,...

Download Lite v4.3 iOS - Persistent File Web Vulnerability

Title: ====== Download Lite v4.3 iOS - Persistent File Web Vulnerability Date: ===== 2013-07-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1023 VL-ID: ===== 1023 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...

Download Lite 4.3 Cross Site Scripting

Title: ====== Download Lite v4.3 iOS - Persistent File Web Vulnerability Date: ===== 2013-07-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1023 VL-ID: ===== 1023 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...