WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

Summary objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storage path. The vulnerable GIF branch could be abused to read local...

CVE-2026-39369 WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

CVE-2026-39369

WWBN AVideo (versions 26.0 and earlier) contains a vulnerability in objects/aVideoEncoderReceiveImage.json.php that allows an authenticated uploader to fetch attacker-controlled same-origin /videos/ URLs and bypass traversal scrubbing. This can expose server-local files (e.g., /etc/passwd or appl...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation of untrusted inputs in WebSockets, allowing remote attackers to bypass the...

GHSA-8M32-P958-JG99 Directus: Missing Cross-Origin Opener Policy

Summary Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can...

Directus: Missing Cross-Origin Opener Policy

Summary Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can...

PT-2026-30325

Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.17.0 Description Directus SSO login pages were missing the Cross-Origin-Opener-Policy COOP HTTP response header. This allowed a malicious cross-origin window to access and manipulate the window object of the...

CVE-2026-34742

A flaw was found in the Model Context Protocol MCP Go SDK. When an HTTP-based MCP server is run on localhost without authentication, a malicious website can exploit a DNS rebinding vulnerability. This allows the attacker to bypass same-origin policy restrictions and send requests to the local MCP...

Astra Linux – Vulnerability in Firefox

Bypass of the same-origin policy in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass the same-origin policy through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Firefox

Bypass of the same-origin policy in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

SUSE CVE-2026-20643

A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS, and macOS, Safari 26.4, iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously...

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Methods Management process. An attacker can execute arbitrary JavaScript code in the context of administrative interfaces and global...

Linux Distros Unpatched Vulnerability : CVE-2026-20643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS, iPadOS...

CVE-2026-33976

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

CVE-2026-3846

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...

CVE-2026-20643

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Lin...

CVE-2026-33749

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

About the security content of Safari 26.4

About the security content of Safari 26.4 This document describes the security content of Safari 26.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation

Summary The redirectBack utility in h3 validates that the Referer header shares the same origin as the request before using its pathname as the redirect Location. However, the pathname is not sanitized for protocol-relative paths starting with //. An attacker can craft a same-origin URL with a...