
Vulnerability List - Page 60

| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-5845 | Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server | GitHub | Enterprise Server | - | - | 2026-04-21 22:42:13 |
| CVE-2026-41057 | AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses | WWBN | AVideo | High | 7.1 | 2026-04-21 22:37:16 |
| CVE-2026-41056 | AVideos has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover | WWBN | AVideo | High | 8.1 | 2026-04-21 22:35:56 |
| CVE-2026-41055 | AVideo has an incomplete fix for CVE-2026-33039 (SSRF) | WWBN | AVideo | High | 8.6 | 2026-04-21 22:25:45 |
| CVE-2026-3307 | Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers | GitHub | Enterprise Server | - | - | 2026-04-21 22:23:25 |
| CVE-2026-40935 | WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure | WWBN | AVideo | Medium | 5.3 | 2026-04-21 22:21:17 |
| CVE-2026-40929 | WWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators | WWBN | AVideo | Medium | 5.4 | 2026-04-21 22:16:55 |
| CVE-2026-40928 | AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion | WWBN | AVideo | Medium | 5.4 | 2026-04-21 22:14:15 |
| CVE-2026-5512 | Improper authorization vulnerability in GitHub Enterprise Server allowed disclosure of private repository names via mobile upload policy API | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:58 |
| CVE-2026-4296 | Incorrect Regular Expression vulnerability in GitHub Enterprise Server allowed unauthorized access to user accounts via OAuth callback URL validation bypass | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:45 |
| CVE-2026-40926 | WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script) | WWBN | AVideo | High | 7.1 | 2026-04-21 22:12:29 |
| CVE-2026-4821 | Proxy configuration command injection vulnerability found in GitHub Enterprise Server Management Console configuration API | GitHub | Enterprise Server | - | - | 2026-04-21 22:12:27 |
| CVE-2026-5921 | Server-Side Request Forgery in GitHub Enterprise Server allowed extraction of sensitive environment variables via timing side-channel attack | GitHub | Enterprise Server | - | - | 2026-04-21 22:11:02 |
| CVE-2026-6832 | Nesquena Hermes WebUI Arbitrary File Deletion via Unvalidated session_id | nesquena | hermes-webui | High | 8.1 | 2026-04-21 21:44:55 |
| CVE-2026-1354 | Zero Motorcycles Firmware Key Exchange without Entity Authentication | Zero Motorcycles | Zero Motorcycles firmware | Medium | 6.4 | 2026-04-21 21:43:53 |
| CVE-2026-6830 | Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch | nesquena | hermes-webui | Low | 3.3 | 2026-04-21 21:33:29 |
| CVE-2026-40946 | Oxia: OIDC token audience validation bypass via SkipClientIDCheck | oxia-db | oxia | - | - | 2026-04-21 21:18:12 |
| CVE-2026-40945 | Oxia: Bearer token exposed in debug log messages on authentication failure | oxia-db | oxia | - | - | 2026-04-21 21:16:28 |
| CVE-2026-40944 | Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles | oxia-db | oxia | - | - | 2026-04-21 21:14:57 |
| CVE-2026-40943 | Oxia: Server crash via race condition in session heartbeat handling | oxia-db | oxia | - | - | 2026-04-21 21:13:32 |