2 matches found
CVE-2026-33647
WWBN AVideo (versions up to 26.0) is affected by a RCE in ImageGallery::saveFile(), where MIME-type validation via finfo passes a polyglot file with a .php extension because the saved filename extension is derived from the user-provided name without an allowlist. An attacker can upload a file wit...
UBUNTU-CVE-2019-19916
In Midori Browser 0.5.11 on Windows 10, Content Security Policy CSP is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting XSS and other...