365 matches found
WordPress Accordions - Unauthenticated Settings Update
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. id: CVE-2022-33198 info: name: WordPress Accordions - Unauthenticated Settings Update author: riteshs4hu severity: critical description: | Unauthenticated WordPress Options Change...
CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)
WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and...
CVE-2026-40926
WWBN AVideo
PT-2026-34197
Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description Cross-Site Request Forgery occurs in three admin-only JSON endpoints: 'objects/categoryAddNew.json.php', 'objects/categoryDelete.json.php', and 'objects/pluginRunUpdateScript.json.php'. These...
GHSA-FFW8-FWXP-H64W WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update Script)
Summary Three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and perform state-changing actions against the database without calling...
WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update Script)
Summary Three admin-only JSON endpoints — objects/categoryAddNew.json.php, objects/categoryDelete.json.php, and objects/pluginRunUpdateScript.json.php — enforce only a role check Category::canCreateCategory / User::isAdmin and perform state-changing actions against the database without calling...
Cross-site Request Forgery (CSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of certain admin JSON endpoints, specifically categoryAddNew.json.php, categoryDelete.json.php, and...
[SECURITY] Fedora 43 Update: gstreamer1-plugin-libav-1.26.11-1.fc43
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...
SUSE-RU-2026:20677-1 Recommended update for open-vm-tools
This update for open-vm-tools fixes the following issues: - update to 13.0.10 based on build 25056151 boo1257357: There are no new features in the open-vm-tools 13.0.10 release. This is primarily a maintenance release that addresses a fix. A minor enhancement has been made for Guest OS...
[SECURITY] Fedora 43 Update: zathura-pdf-mupdf-0.4.4-9.fc43
This plugin adds PDF support to zathura using the mupdf rendering engine...
CVE-2025-59467
A Cross-Site Scripting XSS vulnerability in the UCRM Argentina AFIP invoices Plugin v1.2.0 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. Affected Products: UCRM Argentina AFIP invoices Plugin...
openSUSE 16 Security Update : shadowsocks-v2ray-plugin, v2ray-core (openSUSE-SU-2025:20128-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20128-1 advisory. Changes in shadowsocks-v2ray-plugin: - Update version to 5.25.0 Update v2ray-core to v5.25.0 - Add update-vendor.patch, update v2ray-core to...
Fedora 44 : python-mkdocs-include-markdown-plugin (2025-0ec38c29fa)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-0ec38c29fa advisory. Automatic update for python-mkdocs-include-markdown-plugin-7.2.0-1.fc44. Changelog Mon Nov 24 2025 Michel Lind - 7.2.0-1 - Update to 7.2.0 - Resolves:...
PT-2025-44236
Name of the Vulnerable Software and Affected Versions Doppler Forms WordPress plugin versions through 2.5.1 Description The Doppler Forms WordPress plugin registers an AJAX action, install extension, without proper verification of user capabilities or the use of a nonce. This allows any...
[SECURITY] Fedora 43 Update: docker-buildx-0.29.1-1.fc43
Docker CLI plugin for extended build capabilities with BuildKit...
PT-2025-43595
Name of the Vulnerable Software and Affected Versions AIO Forms – Craft Complex Forms Easily plugin for WordPress versions through 1.3.15 Description The AIO Forms – Craft Complex Forms Easily plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation...
EUVD-2017-7303
Malware in sbrugna...
EUVD-2024-33510
Malicious code in bioql PyPI...
EUVD-2023-48620
Malicious code in bioql PyPI...