|
4101
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file throug…
|
CWE-94
Code Injection
|
CVE-2026-42607
|
2026-05-12 23:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4102
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without…
|
CWE-20
CWE-862
Improper Input Validation
Missing Authorization
|
CVE-2026-42613
|
2026-05-12 23:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4103
|
- |
|
-
|
-
|
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload (GHSA-w4rc-p66m-x6qq). Public form uploads now s…
|
CWE-73
External Control of File Name or Path
|
CVE-2026-42845
|
2026-05-12 23:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4104
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking w…
|
CWE-863
Incorrect Authorization
|
CVE-2026-42884
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4105
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely …
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-42886
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4106
|
4.5 |
MEDIUM
Network
|
-
|
-
|
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLogin…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42887
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4107
|
6.1 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript do…
|
CWE-79
Cross-site Scripting
|
CVE-2026-43878
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4108
|
7.2 |
HIGH
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink (from CVE-2026-40911) only strips the pay…
|
CWE-94
Code Injection
|
CVE-2026-43874
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4109
|
7.5 |
HIGH
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret ($objClone->myKey, a constant md5($g…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-43873
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4110
|
6.8 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=<e…
|
CWE-598
Information Exposure Through Query Strings in GET Request
|
CVE-2026-43875
|
2026-05-12 23:50 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
