
13 matches found

NVD
added 2026/04/06 10:16 p.m. | 2 views

CVE-2026-35452

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesyste...

CVSS 5.3 | EPSS 0.0002
Exploits: 1 | References: 1

CVE
added 2026/04/06 9:47 p.m. | 6 views

CVE-2026-35452

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35452 due to unauthenticated access to CloneSite/plugin/CloneSite/client.log.php, which serves clone operation logs containing internal filesystem paths, remote server URLs, and SSH metadata. The vulnerability arises because this endpo...

CVSS 5.3 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 1 | Affected Software: 1

Github Security Blog
added 2026/04/04 6:17 a.m. | 6 views

AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php

Summary: The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without any authentication. Every other endpoint in the CloneSite plugin directory enforces User::isAdmin. The log contains internal filesystem paths, remote server URLs, and SSH connection metadata. Details...

CVSS 5.3 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/04/04 12:00 a.m. | 1 views

PT-2026-30336

Name of the Vulnerable Software and Affected Versions: AVideo versions 26.0 and prior. Description: The plugin/CloneSite/client.log.php endpoint serves the clone operation log file without authentication. Other endpoints in the CloneSite plugin directory enforce User::isAdmin. The log contains...

CVSS 5.3 | AI score 6 | EPSS 0.0002
Exploits: 1 | References: 5

ATTACKERKB
added 2026/03/31 4:56 p.m. | 0 views

CVE-2026-34359

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured...

CVSS 7.4 | AI score 5.8 | EPSS 0.00026
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2025/11/12 4:35 p.m. | 5 views

CVE-2025-59088 Python-kdcproxy: unauthenticated SSRF via realm-controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | EPSS 0.00076
Exploits: 0 | References: 16

Oracle linux
added 2025/11/05 12:00 a.m. | 5 views

bind9.16 security update

32:9.16.23-0.22.4 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Address various spoofing attacks CVE-2025-40778 - Replace downstream fixes with upstream changes 32:9.16.23-0.22.3 - Update addresses of b.root-servers.net RHEL-18449...

CVSS 8.6 | AI score 6.9 | EPSS 0.00025
Exploits: 1

RedhatCVE
added 2025/09/17 12:49 a.m. | 5 views

CVE-2025-50110

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...

CVSS 8.8 | AI score 6.7 | EPSS 0.00044
Exploits: 2 | References: 1

CVE
added 2025/09/15 12:00 a.m. | 10 views

CVE-2025-50110

CVE-2025-50110 affects AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive data (internal server URLs, account IDs, passwords, device tokens) as plaintext in URL query parameters over HTTPS, creating a cleartext leakage risk and credential exposure. The vulnerability is d...

CVSS 8.8 | AI score 6.4 | EPSS 0.00044
Exploits: 2 | References: 1

CNNVD
added 2022/11/17 12:00 a.m. | 2 views

Webvendome Path Traversal Vulnerability

Webvendome is an application from Webvendome, Inc. Webvendome suffers from a path traversal vulnerability that stems from an internal server IP and full path disclosure, which can be exploited by an attacker to send GET requests...

CVSS 5.3 | AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 4

CNVD
added 2020/06/22 12:00 a.m. | 1 views

Unspecified Vulnerability in Mattermost Mobile Apps (CNVD-2020-35355)

Mattermost Mobile Apps is a messaging mobile application from Mattermost USA. A security vulnerability exists in Mattermost Mobile Apps versions prior to 1.26.0, which stems from the fact that sensitive information, such as server addresses and message content, is stored in local device logs and...

CVSS 7.5 | AI score 6.6 | EPSS 0.00322
Exploits: 0 | References: 1

Prion
added 2020/06/19 3:15 p.m. | 12 views

Information disclosure

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information e.g., server addresses or message content...

CVSS 5 | AI score 7.4 | EPSS 0.00322
Exploits: 0 | References: 1 | Affected Software: 1

Krebs on Security
added 2018/08/25 11:35 p.m. | 61 views

Who’s Behind the Screencam Extortion Scam?

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it's likely that additional spammers and scammers piled on with...

AI score 6.8
Exploits: 0