Build software better, together

Security Advisories

View known security vulnerabilities and report new vulnerabilities privately to maintainers.

Report a vulnerability

Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration
GHSA-x3pr-vrhq-vq43 published Mar 20, 2026 by DanielnetoDotCom

High
PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin
GHSA-6m5f-j7w2-w953 published Mar 20, 2026 by DanielnetoDotCom

High
Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter
GHSA-8p58-35c3-ccxx published Mar 20, 2026 by DanielnetoDotCom

High
Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php
GHSA-vv7w-qf5c-734w published Mar 20, 2026 by DanielnetoDotCom

High
OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()
GHSA-pmj8-r2j7-xg6c published Mar 20, 2026 by DanielnetoDotCom

High
SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy
GHSA-p3gr-g84w-g8hh published Mar 20, 2026 by DanielnetoDotCom

High
PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin
GHSA-xggw-g9pm-9qhh published Mar 20, 2026 by DanielnetoDotCom

High
CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload
GHSA-hv36-p4w4-6vmj published Mar 20, 2026 by DanielnetoDotCom

High
Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection
GHSA-687q-32c6-8x68 published Mar 20, 2026 by DanielnetoDotCom

Critical
Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass
GHSA-5f7v-4f6g-74rj published Mar 19, 2026 by DanielnetoDotCom

Critical

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Reporting

Security Advisories

Security: WWBN/AVideo

Security Advisories