17 matches found
CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...
WWBN AVideo Information Disclosure Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo 25.0 and earlier contained a vulnerability related to information leakage. This vulnerability stemmed from the password hashing algorithm exposed in the /objects/encryptPass.json.ph...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo 25.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /objects/phpsessionid.json.php file exposing the PHP session ID, along with improper...
EUVD-2026-10418
WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...
PT-2026-24090
Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 25.0. Description: The /objects/playlistsFromUser.json.php endpoint does not require authentication or authorization, allowing an unauthenticated attacker to enumerate user IDs and retrieve playlist information, includin...
CVE-2025-30758
Vulnerability in the Siebel CRM End User product of Oracle Siebel CRM component: User Interface. Supported versions that are affected are 25.0-25.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM End User. Successful attacks ...
Oracle Siebel CRM Information Disclosure Vulnerability
Oracle Siebel CRM is a set of customer relationship management solutions from Oracle USA. The solution includes modules for sales management, marketing management, customer service system, and call center. A security vulnerability exists in Oracle Siebel CRM for Siebel CRM End User versions 25.0 ...
CVE-2024-52921
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block...
PT-2024-10274 · Adobe · Premiere Pro
Name of the Vulnerable Software and Affected Versions: Adobe Premiere Pro versions 25.0, 24.6.3 and earlier. Description: The issue is a Heap-based Buffer Overflow that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction...
Adobe Media Encoder Security Vulnerability
Adobe Media Encoder is an audio and video encoding application from the American company Adobe. A heap buffer overflow vulnerability exists in Adobe Media Encoder versions 25.0 and earlier and 24.6.3 and earlier, which originates from a boundary error when the application processes...
Cross site scripting
Adobe Photoshop versions 24.7.1 and earlier and 25.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
PT-2023-7139 · Adobe · Photoshop
Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 24.7.1 and earlier; Adobe Photoshop versions 25.0 and earlier. Description: The issue is related to an out-of-bounds read in memory, which could allow an attacker to bypass the Address Space Layout Randomization (ASLR)...
PT-2023-7138 · Adobe · Photoshop
Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 24.7.1 and earlier; Adobe Photoshop versions 25.0 and earlier. Description: The issue is related to an out-of-bounds read in memory, which could allow an attacker to bypass the Address Space Layout Randomization (ASLR)...
Nextcloud Operating System Command Injection Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An operating system command injection vulnerability exists in Nextcloud server, which stems from an unvalidated workflow scope of operation that results in the...
CVE-2023-22852
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-importsheet.php...
Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-4104)
Summary: There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability. Vulnerability Details: CVEID: CVE-2021-4104. DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by...
Adobe Illustrator Multiple Remote Code Execution Vulnerabilities (APSB20-53) - Windows
Adobe Illustrator is prone to multiple code execution vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free...