70 matches found
CVE-2026-7637
The CVE-2026-7637 entry concerns the Boost plugin for WordPress (versions up to and including 2.0.3). The vulnerability is a PHP Object Injection via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. It requires no authenticated privileges and no user interaction. The ...
PT-2026-42100
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present...
Apache Polaris has an Improper Input Validation Issue
Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...
EUVD-2026-17658
AVideo: Reflected XSS via Unescaped ip Parameter in UserLocation testIP.php...
GHSA-JQRJ-CHH6-8H78 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php
Summary: The UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTML and JavaScript via a crafted URL. Although the page is restricte...
Cross-site Scripting (XSS)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the handling of the ip parameter in the UserLocation plugin's testIP.php process. An attacker can execute arbitrary JavaScript in the...
CVE-2026-34739
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...
CVE-2026-34739
The CVE concerns WWBN AVideo (open source video platform). In AVideo versions up to 26.0, the User_Location plugin’s testIP.php reflects the ip parameter directly into an HTML input without HTML-encoding, enabling reflected XSS. Although the page is admin-restricted, SameSite=None cookies enable ...
CVE-2026-34739 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...
CVE-2026-34739 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the UserLocation plugin's testIP.php page reflects the ip request parameter directly into an HTML input element without applying htmlspecialchars or any other output encoding. This allows an attacker to inject arbitrary HTM...
WWBN AVideo Cross-Site Scripting Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from a lack of output encoding in the testIP.php page within the UserLocation plugin, which...
[SECURITY] Fedora 42 Update: opensips-3.5.9-2.fc42
OpenSIPS or Open SIP Server is a very fast and flexible SIP RFC3261 proxy server. Written entirely in C, opensips can handle thousands of calls per second even on low-budget hardware. A C Shell like scripting language provides full control over the server's behaviour. Its modular architecture allow...
EUVD-2026-2722
In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2018-19669
Malware in sbrugna...
EUVD-2009-4595
Malware in sbrugna...
EUVD-2009-4594
Malware in sbrugna...
EUVD-2021-18691
Malware in sbrugna...
EUVD-2024-51251
Malicious code in bioql PyPI...
EUVD-2024-52580
Malicious code in bioql PyPI...
EUVD-2023-35532
Malicious code in bioql PyPI...