CVE-2026-40575 - OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing
CVSS 3.1: 9.1

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` is configured. An attacker can spoof this header s…

Published: April 21, 2026, 11:20 p.m. | Last Modified: April 22, 2026, 9:23 p.m.

CVE-2026-41059 - OAuth2 Proxy has an Authentication Bypass via Fragment Confusion in skip_auth_routes and skip_auth_…
CVSS 3.1: 8.2

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when all of the following are true: Use of `skip_auth_routes` or the legacy `skip_auth_regex`; use of pat…

Published: April 21, 2026, 11:17 p.m. | Last Modified: April 22, 2026, 9:23 p.m.

CVE-2026-41304 - WWBN AVideo vulnerable to RCE caused by clonesite plugin
CVSS 4.0: 8.9

WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` endpoint in the CloneSite plugin constructs shell commands using user-controlled input (`url` parameter) without proper sanitization. The input is directly concatenated into a `wget` command execute…

Published: April 21, 2026, 11:07 p.m. | Last Modified: April 24, 2026, 3:11 p.m.

CVE-2026-41064 - AVideo has an incomplete fix for CVE-2026-33502 (Command Injection)
CVSS 3.1: 9.3

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget but leaves the `file_get_contents` and `curl` code paths unsanitized, and the URL validation regex `/^http/` accepts strings like `httpevil[.]…

Published: April 21, 2026, 11:04 p.m. | Last Modified: April 24, 2026, 3:10 p.m.

CVE-2026-41063 - WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS)
CVSS 3.1: 5.4

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's `ParsedownSafeWithLinks` class overrides `inlineMarkup` for raw HTML but does not override `inlineLink()` or `inlineUrlTag()`, allowing `javascript:` URLs in markdown link syntax to bypass sa…

Published: April 21, 2026, 10:59 p.m. | Last Modified: April 24, 2026, 3:08 p.m.

CVE-2026-41062 - WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage…
CVSS 3.1: 6.5

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for `objects/aVideoEncoderReceiveImage.json.php` only checks the URL path component (via `parse_url($url, PHP_URL_PATH)`) for `..` sequences. However, the downstream …

Published: April 21, 2026, 10:57 p.m. | Last Modified: April 24, 2026, 3:08 p.m.

CVE-2026-41061 - WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver
CVSS 3.1: 5.4

WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` regex at `objects/video.php:918` uses `/^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}/` without a `$` end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted durati…

Published: April 21, 2026, 10:49 p.m. | Last Modified: April 24, 2026, 3:08 p.m.

CVE-2026-41060 - AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL
CVSS 3.1: 7.7

WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` function in `objects/functions.php` contains a same-domain shortcircuit (lines 4290-4296) that allows any URL whose hostname matches `webSiteRootURL` to bypass all SSRF protections. Because the check com…

Published: April 21, 2026, 10:44 p.m. | Last Modified: April 24, 2026, 3:08 p.m.

CVE-2026-41058 - AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo
CVSS 3.1: 8.1

WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite `deleteDump` parameter does not apply path traversal filtering, allowing `unlink()` of arbitrary files via `../../` sequences in the GET parameter. Commit 3c729717c26f160014a5c86b0b6a…

Published: April 21, 2026, 10:43 p.m. | Last Modified: April 24, 2026, 3:07 p.m.

CVE-2026-5845 - Improper authorization fallback allows scoped user-to-server token installation escape in GitHub En…
CVSS 4.0: 7.2

An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server allows an authenticated attacker to access private repositories outside the intended installation scope, which can include write operations, via an authorization fallback that tre…

Published: April 21, 2026, 10:42 p.m. | Last Modified: April 22, 2026, 6:04 p.m.

Total results: 346710 (page 100 of 34,671)