9 matches found

RedhatCVE
added 2026/04/01 11:0 p.m. | 0 views

CVE-2026-34394

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

CVSS 8.1 | AI score 6 | EPSS 0.0001
Exploits: 1 | References: 1
CVE
added 2026/04/01 9:23 p.m. | 3 views

CVE-2026-34562

CVE-2026-34562 affects CI4MS (CodeIgniter 4-based CMS skeleton). Root cause: improper sanitization/output encoding of admin-configurable input in System Settings – Company Information, allowing attacker-controlled data to be stored server-side and rendered unsafely. Impact described as vulnerab...

CVSS 9 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/03/31 8:39 p.m. | 1 views

CVE-2026-34394

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

CVSS 8.1 | AI score 6 | EPSS 0.0001
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/31 8:39 p.m. | 1 views

CVE-2026-34394 AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

CVSS 8.1 | AI score 6 | EPSS 0.0001
Exploits: 1 | References: 1
OSV
added 2026/03/31 8:39 p.m. | 3 views

CVE-2026-34394 AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

CVSS 8.1 | AI score 6 | EPSS 0.0001
Exploits: 1 | References: 3
Positive Technologies
added 2026/03/31 12:0 a.m. | 1 views

PT-2026-29352

Name of the Vulnerable Software and Affected Versions: AVideo versions 26.0 and prior. Description: AVideo’s admin plugin configuration endpoint admin/save.json.php is susceptible to cross-site request forgery (CSRF) attacks due to the absence of CSRF token validation. The application's configuration...

CVSS 8.1 | AI score 5.9 | EPSS 0.0001
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-16596

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.01769
Exploits: 0 | References: 2
Packet Storm
added 2024/05/03 12:0 a.m. | 283 views

SOPlanning 1.52.00 Cross Site Scripting

Exploit Title: SOPlanning v1.52.00 'groupesave.php' XSS Reflected XSS; Application: SOPlanning; Version: 1.52.00; Date: 4/22/24; Exploit Author: Joseph McPeters Liquidsky; Vendor Homepage: https://www.soplanning.org/en/; Software Link: https://sourceforge.net/projects/soplanning/; Tested on: Linux; CVE:...

AI score 7.4
Exploits: 0
ThreatPost
added 2022/01/14 4:37 p.m. | 42 views

Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

A critical security bug affecting Cisco’s Unified Contact Center Enterprise (UCCE) portfolio could allow privilege-escalation and platform takeover. Cisco UCCE is an on-premises customer-service platform capable of supporting up to 24,000 customer-service agents using channels that include inbound...

CVSS 9.6 | AI score 9.5 | EPSS 0.00264
Exploits: 0 | References: 8