EUVD-2026-13917

🗓️ 26 Mar 2026 17:38:10Reported by EUVDType

Unauthenticated access to the permissions list in AVideo up to version 26.0; admin checks are missing.

Reporter	Title	Published	Views	Family All 114
ATTACKERKB	CVE-2026-33504	26 Mar 202617:38	–	attackerkb
ATTACKERKB	CVE-2026-42313	11 May 202616:30	–	attackerkb
ATTACKERKB	CVE-2026-35464	7 Apr 202614:38	–	attackerkb
ATTACKERKB	CVE-2026-42312	11 May 202616:32	–	attackerkb
ATTACKERKB	CVE-2026-45306	28 May 202617:12	–	attackerkb
ATTACKERKB	CVE-2026-33501	23 Mar 202616:28	–	attackerkb
ATTACKERKB	CVE-2026-33503	26 Mar 202617:32	–	attackerkb
ATTACKERKB	CVE-2026-33508	24 Mar 202618:21	–	attackerkb
ATTACKERKB	CVE-2026-3350	20 Mar 202623:25	–	attackerkb
ATTACKERKB	CVE-2026-33509	24 Mar 202618:55	–	attackerkb

[
  {
    "enisaIdVendor": [
      {
        "id": "030567a6-2c62-3f43-9ed6-70565a4b6d25",
        "vendor": {
          "name": "ory"
        }
      },
      {
        "id": "18c9fa4b-8958-33e0-ac83-b066e37b8a2b",
        "vendor": {
          "name": "WWBN"
        }
      },
      {
        "id": "6ec9a435-223e-3270-b4d8-75da4cdcde2e",
        "vendor": {
          "name": "pyload"
        }
      },
      {
        "id": "bfc8cc5f-a335-30ed-985f-57dc684cf073",
        "vendor": {
          "name": "parse-community"
        }
      },
      {
        "id": "c5cd50a5-6b00-3e20-a87e-af1af070c7b1",
        "vendor": {
          "name": "WPSAAD"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "0b370b33-faf6-3067-8de2-4e75435d8e5a",
        "product": {
          "name": "Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI"
        },
        "product_version": "* ≤1.8.2"
      },
      {
        "id": "7975608a-ffb6-378f-adaf-548808cdedf3",
        "product": {
          "name": "hydra"
        },
        "product_version": "< 26.2.0"
      },
      {
        "id": "afd0f895-1261-32e2-bbc0-bbac76896f86",
        "product": {
          "name": "parse-server"
        },
        "product_version": "9.0.0, < 9.6.0-alpha.45"
      },
      {
        "id": "bbd72e2d-abe5-3b15-8640-0793c0aef59e",
        "product": {
          "name": "parse-server"
        },
        "product_version": "< 8.6.56"
      },
      {
        "id": "dafc3d8b-e289-385e-abb9-b9488b24fb90",
        "product": {
          "name": "kratos"
        },
        "product_version": "< 26.2.0"
      },
      {
        "id": "dcba77d5-11a1-38b8-a2cd-0923e107cc41",
        "product": {
          "name": "pyload"
        },
        "product_version": "0.4.0, < 0.5.0b3.dev97"
      },
      {
        "id": "dd3503f9-a210-39ae-b2ab-0d7c6b64b773",
        "product": {
          "name": "AVideo"
        },
        "product_version": "≤ 26.0"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/cc09377b-f30b-414b-a551-d3689ddcc5a4
plugins	www.plugins.trac.wordpress.org/browser/alt-manager/tags/1.8.2/inc/alm-empty-generator.php
plugins	www.plugins.trac.wordpress.org/browser/alt-manager/tags/1.8.2/inc/alm-empty-generator.php
plugins	www.plugins.trac.wordpress.org/changeset
github	www.github.com/parse-community/parse-server/security/advisories/GHSA-6qh5-m6g3-xhq6
github	www.github.com/parse-community/parse-server/pull/10259
github	www.github.com/parse-community/parse-server/pull/10260
github	www.github.com/WWBN/AVideo/security/advisories/GHSA-96qp-8cmq-jvq8
github	www.github.com/ory/kratos/security/advisories/GHSA-hgx2-28f8-6g2r
github	www.github.com/pyload/pyload/security/advisories/GHSA-r7mc-x6x7-cqxx

26 Mar 2026 17:38Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.17.2 - 8.8

CVSS 48.2

EPSS0.00529

SSVC