Skip to content

arkmarta/CVE-Credits

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 

Repository files navigation

CVE Credits & Security Advisories

Vulnerabilities discovered and responsibly disclosed by Arkadiusz Marta.


Strapi

  • CVE-2025-3930 - Insufficient Session Expiration via JWT Token Reuse
  • CVE-2026-22707 - Upload Plugin MIME Validation Bypass via Content API

Payload CMS

QuickCMS

  • CVE-2025-12465 - Blind SQL Injection via aFilesDelete Parameter
  • CVE-2026-11860 - Insecure Deserialisation via Plaintext HTTP leading to Remote Code Execution

Quick.Cart

CVAT

AVideo

  • CVE-2026-27568 - Stored Cross-Site Scripting via Markdown Comment Injection
  • CVE-2026-27732 - Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php
  • CVE-2026-28501 - Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
  • CVE-2026-28502 - Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction
  • CVE-2026-50182 - Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery Pagination
  • CVE-2026-50183 - Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section
  • CVE-2026-54458 - Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin

AVideo-Encoder

  • CVE-2026-29058 - Unauthenticated OS Command Injection via base64Url in objects/getImage.php
  • CVE-2026-33024 - Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator
  • CVE-2026-33025 - Authenticated SQL Injection via ORDER BY Clause

CanaryTokens

  • CVE-2026-28355 - Stored Self Cross-Site Scripting in the PWA Canarytoken
  • CVE-2026-11859 - HTML Injection in the Canarytoken Links Email
  • CVE-2026-13140 - Stored Cross-Site Scripting in the Exposed AWS API Key Store

PluXML

Bludit

RaythaCMS

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors