| 251 | 6.5 | MEDIUM Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for `objects/aVideoEncoderReceiveImage.json.php` only checks the U… | New | CWE-22 Path Traversal | CVE-2026-41062 | 2026-04-25 00:08 | 2026-04-22 |
| 252 | 5.4 | MEDIUM Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` regex at `objects/video.php:918` uses `/^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}/` without a `$` end anchor,… | New | CWE-79 Cross-site Scripting | CVE-2026-41061 | 2026-04-25 00:08 | 2026-04-22 |
| 253 | 6.5 | MEDIUM Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` function in `objects/functions.php` contains a same-domain shortcircuit (lines 4290-4296) that allows a… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41060 | 2026-04-25 00:08 | 2026-04-22 |
| 254 | 8.1 | HIGH Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()`… | New | CWE-22 Path Traversal | CVE-2026-41058 | 2026-04-25 00:07 | 2026-04-22 |
| 255 | 7.1 | HIGH Network | wwbn | avideo | WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit `986e64aad` is incomplete. Two separate code paths still reflect arbitrary `Origin` … | New | CWE-346 Origin Validation Error | CVE-2026-41057 | 2026-04-25 00:07 | 2026-04-22 |
| 256 | 7.8 | HIGH Local | - | - | radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with … | New | CWE-78 OS Command | CVE-2026-40517 | 2026-04-24 23:50 | 2026-04-23 |
| 257 | 8.1 | HIGH Network | - | - | Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in Gra… | New | CWE-470 Unsafe Reflection | CVE-2026-41175 | 2026-04-24 23:50 | 2026-04-23 |
| 258 | - | | - | - | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires… | New | CWE-789 Memory Allocation with Excessive Size Value | CVE-2026-41312 | 2026-04-24 23:50 | 2026-04-23 |
| 259 | - | | - | - | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a… | New | CWE-834 Excessive Iteration | CVE-2026-41313 | 2026-04-24 23:50 | 2026-04-23 |
| 260 | - | | - | - | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires… | New | CWE-789 Memory Allocation with Excessive Size Value | CVE-2026-41314 | 2026-04-24 23:50 | 2026-04-23 |