24h | 7d | 30d

Overview

  • WWBN
  • AVideo

27 Mar 2026
Published
27 Mar 2026
Updated

CVSS v3.1
CRITICAL (9.1)
EPSS
0.04%

KEV

Description

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `Live_schedule::keyExists()` method constructs a SQL query by interpolating a stream key directly into the query string without parameterization. This method is called as a fallback from `LiveTransmition::keyExists()` when the initial parameterized lookup returns no results. Although the calling function correctly uses parameterized queries for its own lookup, the fallback path to `Live_schedule::keyExists()` undoes this protection entirely. This vulnerability is distinct from GHSA-pvw4-p2jm-chjm, which covers SQL injection via the `live_schedule_id` parameter in the reminder function. This finding targets the stream key lookup path used during RTMP publish authentication. As of time of publication, no patched versions are available.

Statistics

  • 1 Post

Last activity: 13 hours ago

Fediverse

Profile picture fallback

🚨 CRITICAL: CVE-2026-34374 in WWBN AVideo ≤26.0 allows unauthenticated SQL injection via stream key lookup during RTMP authentication. No patch out yet. Restrict access, use WAFs, & monitor logs. Details: radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Barracuda
  • Barracuda Email Security Gateway

24 May 2023
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.4)
EPSS
90.02%

Description

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Profile picture fallback

The latest Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

Check it out at rapid7.com/blog/post/pt-metasp

  • 0
  • 0
  • 0
  • 20h ago

Overview

  • Red Hat
  • Red Hat OpenShift Dev Spaces (RHOSDS) 3.22
  • devspaces/code-rhel9

13 Jan 2026
Published
21 Jan 2026
Updated

CVSS
Pending
EPSS
44.19%

KEV

Description

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333.

Statistics

  • 1 Post

Last activity: 20 hours ago

Fediverse

Profile picture fallback

The latest Wrapup is here! 🎉 This week brings enhanced SMB NTLM relaying for better client compatibility (including smbclient), plus new modules for RCE in Eclipse Che (CVE-2025-12548), Barracuda ESG command injection (CVE-2023-2868), and an ESC/POS printer injector.

Check it out at rapid7.com/blog/post/pt-metasp

  • 0
  • 0
  • 0
  • 20h ago
Showing 31 to 33 of 33 CVEs