WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services

The Live restream log callback flow accepted an attacker-controlled restreamerURL and later fetched that stored URL server-side, enabling stored SSRF for authenticated streamers. The vulnerable flow allowed a low-privilege user with streaming permission to store an arbitrary callback URL and...

PT-2026-30987

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Live restream log callback flow accepted an attacker-controlled restreamerURL and later fetched that stored URL server-side, enabling stored SSRF for authenticated streamers. The vulnerable flow allowed a low-privilege...

CVE-2026-27599

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Several configuration...

PT-2023-18624 · Plane · Plane

Name of the Vulnerable Software and Affected Versions: Plane version 0.7.1 Description: The issue allows an unauthenticated attacker to view all stored server files of all users. Recommendations: For Plane version 0.7.1, update to a version that contains a fix for this issue, as the current versi...

Canon Oce ColorWave 3500 Security Breach

The Canon Oce ColorWave 3500 is a color printer from Canon Japan. The device is based on solid ink bead printing technology and image logic scanning processing, integrating CAD, GIS and full-coverage, full-color image printing in a single device to provide more professional functionality for the...

Opmantek NMIS Multiple Vulnerabilities

Opmantek NMIS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:opmantek:nmis"; if descriptio...

ZyXEL SBG-3300 Security Gateway Cross Site Scripting Vulnerability

ZyXEL SBG-3300 Security Gateway suffers from a cross site scripting vulnerability. Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7277 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time o...

CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway

Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7277 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure V1.00AADY.4C0 and below tested Patch: Unpatched Authored by: Mirko...

ZyXEL SBG-3300 Security Gateway Cross Site Scripting

Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway Date: 02/10/2014 CVE-ID: CVE-2014-7277 Product: ZyXEL SBG3300-N series Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure V1.00AADY.4C0 and below tested Patch: Unpatched Authored by: Mirko...