Lucene search
K

9 matches found

EUVD
EUVD
added 2026/04/01 9:5 p.m.9 views

EUVD-2026-17650

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints...

7.5CVSS5.8AI score0.00376EPSS
Exploits1References3
NVD
NVD
added 2026/03/31 9:16 p.m.5 views

CVE-2026-34732

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

7.5CVSS0.00376EPSS
Exploits1References1
CVE
CVE
added 2026/03/31 8:51 p.m.12 views

CVE-2026-34732

CVE-2026-34732 concerns WWBN AVideo. Red Hat, OSV, CVE listings confirm that versions up to 26.0 contain a missing authentication/authorization check in the CreatePlugin template’s list.json.php, unlike add.json.php and delete.json.php which require admin rights. This omission creates 21 unauthen...

7.5CVSS5.9AI score0.00376EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.6 views

PT-2026-29362

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

7.5CVSS5.9AI score0.00376EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:46 p.m.11 views

CVE-2026-30932

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

8.6CVSS5.8AI score0.00544EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.10 views

PT-2026-27480

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.5 Description The DomainZones.add API endpoint, accessible to customers with DNS enabled, does not validate the content field for specific DNS record types LOC, RP, SSHFP, TLSA. This allows an attacker to inject...

8.8CVSS5.9AI score0.00544EPSS
Exploits1References17
SUSE CVE
SUSE CVE
added 2024/08/06 4:49 a.m.6 views

SUSE CVE-1999-0184

When compiled with the -DALLOWUPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records...

6.4CVSS6.9AI score0.01909EPSS
Exploits0References2
Circl
Circl
added 2023/12/22 5:57 p.m.9 views

CVE-2018-8823

creationtimestamp| type| source ---|---|--- 2023-12-22 17:57:58+00:00| seen| https://t.me/arpsyndicate/2061 2023-12-22 18:52:54+00:00| seen| https://t.me/arpsyndicate/2062 2024-11-26 09:06:49+00:00| seen| MISP/d0f67a25-b270-45aa-a235-c5da1f5eb45f...

9.8CVSS8.7AI score0.51572EPSS
Exploits1References2
OSV
OSV
added 2014/04/26 1:55 a.m.7 views

UBUNTU-CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS5.8AI score0.01218EPSS
Exploits0References4
Rows per page
Query Builder