2 matches found
CVE-2026-33512
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly e.g., view/url2Embed.json.php, so any user can recover...
CVE-2026-33512
creationtimestamp| type| source ---|---|--- 2026-03-20 21:45:54+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-mwjc-5j4x-r686 2026-03-23 19:23:09+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqrvjxw3h2u 2026-03-23 19:40:41+00:0...