|
2291
|
7.5 |
HIGH
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret ($objClone->myKey, a constant md5($g…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-43873
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2292
|
6.8 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=<e…
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2026-43875
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2293
|
5.3 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter…
|
CWE-940
Improper Verification of Source of a Communication Channel
|
CVE-2026-43880
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2294
|
8.2 |
HIGH
Network
|
-
|
-
|
Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing t…
|
CWE-269
Improper Privilege Management
|
CVE-2026-43886
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2295
|
5.3 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/users.json.php exposes two unauthenticated paths that disclose the full set of registered user accounts. Th…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-43881
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2296
|
7.7 |
HIGH
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, two endpoints (plugin/AI/receiveAsync.json.php and objects/EpgParser.php) in AVideo call isSSRFSafeURL() to validat…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-43884
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2297
|
8.7 |
HIGH
Network
|
-
|
-
|
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndEx…
|
CWE-22
Path Traversal
|
CVE-2026-43888
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2298
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifie…
|
CWE-863
Incorrect Authorization
|
CVE-2026-43889
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2299
|
9.6 |
CRITICAL
Network
|
-
|
-
|
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerabl…
|
CWE-20
Improper Input Validation
|
CVE-2026-43899
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2300
|
9.3 |
CRITICAL
Network
|
-
|
-
|
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepanc…
|
CWE-79
Cross-site Scripting
|
CVE-2026-43900
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
