6 matches found

CNNVD
added 6 days ago, 6 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities stem from storing user-input category descriptions as raw HTML during Gallery view rendering. This allows...

5.4 CVSS | 5.7 AI score | 0.00035 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/05/20 7:51 p.m., 2 views

EUVD-2026-31190

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile that leads to Local File Inclusion. The function calls extract($params, EXTR_OVERWRITE) before the require statement that loads the view file. As a result, a...

7.4 CVSS | 5.7 AI score | 0.00022 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/05/20 7:51 p.m., 3 views

CVE-2026-39850

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile that leads to Local File Inclusion. The function calls extract($params, EXTR_OVERWRITE) before the require statement that loads the view file. As a result, a...

7.4 CVSS | 5.7 AI score | 0.00022 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2026/05/11 7:34 p.m., 4 views

Yii 2: Local file inclusion via view parameter name collision

The core view rendering method View::renderPhpFile calls extract($params, EXTR_OVERWRITE) before the require statement that includes the view file. A caller-controlled parameter named file in the $params array overwrites the internal local variable that specifies which file is included — enabling a...

7.4 CVSS | 5.8 AI score | 0.00022 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Snyk
added 2024/02/24 11:22 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the translation helpers (translate, t, etc.) in Action Controller. An attacker can inject malicious scripts by using a key ending in _html with a :default key that contains untrusted user input, if the resulting...

6.1 CVSS | 5.3 AI score | 0.02067 EPSS
Exploits: 1 | References: 2
Spring Engineering
added 2023/07/27 12:0 a.m., 10 views

A Bootiful Podcast: Spring team legend Dr. David Syer on view rendering technologies, the latest-and-greatest, SpringOne 2023, and more

Hi, Spring fans! In this installment Josh Long talks to the legendary Dr. David Syer about view rendering technologies, SpringOne, and more. Have you registered for SpringOne yet? Are you interested in learning Spring? Check out Spring Academy...

6.8 AI score
Exploits: 0