Vulnerability List - Page 83

| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-43889 | Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share | outline | outline | Medium | 6.5 | 2026-05-11 21:10:38 | Deep Dive |
| CVE-2026-43888 | Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import | outline | outline | High | 8.7 | 2026-05-11 21:09:43 | Deep Dive |
| CVE-2026-34961 | barebox ext4 Extent Parsing Out-of-Bounds Read | barebox | barebox | Medium | 6.2 | 2026-05-11 21:09:11 | Deep Dive |
| CVE-2026-43890 | Outline: IDOR in subscriptions.create allows cross-tenant subscription on private documents (sibling of GHSA-23jj-rp48-w7q7) | outline | outline | High | 7.7 | 2026-05-11 21:09:00 | Deep Dive |
| CVE-2026-43886 | Outline: OAuth Scope Validation Logic Error Allows Privilege Escalation to Wildcard API Access | outline | outline | High | 8.2 | 2026-05-11 21:06:17 | Deep Dive |
| CVE-2026-43887 | Outline: Stored XSS via Comment Mentions | outline | outline | High | 7.3 | 2026-05-11 21:05:42 | Deep Dive |
| CVE-2026-43893 | exiftool-vendored: Argument injection via newline characters in tag names | photostructure | exiftool-vendored.js | High | 8.2 | 2026-05-11 20:59:15 | Deep Dive |
| CVE-2026-42600 | MinIO: Path Traversal via msgpack Body in `ReadMultiple` Storage-REST Endpoint | minio | minio | - | - | 2026-05-11 20:53:11 | Deep Dive |
| CVE-2026-34960 | barebox Out-of-Bounds Read in DHCP Option Parsing | barebox | barebox | Medium | 6.5 | 2026-05-11 20:49:02 | Deep Dive |
| CVE-2026-43885 | WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization | WWBN | AVideo | - | - | 2026-05-11 20:45:21 | Deep Dive |
| CVE-2026-43884 | WWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL() | WWBN | AVideo | High | 7.7 | 2026-05-11 20:44:08 | Deep Dive |
| CVE-2026-43883 | WWBN AVideo: IDOR in PayPalYPT agreementCancel.json.php Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements | WWBN | AVideo | Medium | 4.2 | 2026-05-11 20:41:41 | Deep Dive |
| CVE-2026-43882 | WWBN AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing | WWBN | AVideo | Medium | 4.3 | 2026-05-11 20:40:53 | Deep Dive |
| CVE-2026-43881 | WWBN AVideo: Unauthenticated User Enumeration in `objects/users.json.php` via `isCompany` Parameter Flips `$ignoreAdmin = true` and Defeats Admin-Only Listing Guard | WWBN | AVideo | Medium | 5.3 | 2026-05-11 20:38:07 | Deep Dive |
| CVE-2026-43880 | WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address | WWBN | AVideo | Medium | 5.3 | 2026-05-11 20:37:16 | Deep Dive |
| CVE-2026-43879 | WWBN AVideo: Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass | WWBN | AVideo | Medium | 5.4 | 2026-05-11 20:36:34 | Deep Dive |
| CVE-2026-43878 | WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal | WWBN | AVideo | Medium | 6.1 | 2026-05-11 20:35:27 | Deep Dive |
| CVE-2026-43877 | WWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary Bytes | WWBN | AVideo | Medium | 5.4 | 2026-05-11 20:34:43 | Deep Dive |
| CVE-2026-43876 | WWBN AVideo: HTML Injection in notifySubscribers.json.php Enables Platform-Branded Phishing Emails to Channel Subscribers | WWBN | AVideo | Medium | 6.4 | 2026-05-11 20:33:26 | Deep Dive |
| CVE-2026-43875 | WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover | WWBN | AVideo | Medium | 6.8 | 2026-05-11 20:32:06 | Deep Dive |