12 matches found
GHSA-CMCR-Q4JF-P6Q9 WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)
Summary The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and...
WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)
The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and stores it ...
CVE-2026-27732
WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...
CVE-2026-27732
creationtimestamp | type | source
---|---|---
2026-02-24 17:06:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mfmnnnurux2x
2026-02-25 20:06:43+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfpi7if4lr2n
2026-02-25 20:07:53+00:00 | seen | ...
CVE-2026-27732
WWBN AVideo contains an SSRF vulnerability in the aVideoEncoder.json.php endpoint prior to version 22.0. The endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list, enabling authenticated users to trigger requests to arb...
EUVD-2020-27732
Malware in sbrugna...
CVE-2025-27732 Windows Graphics Component Elevation of Privilege Vulnerability
...
CVE-2025-27732
CVE-2025-27732 is a Windows Graphics Component Elevation of Privilege vulnerability in the Win32K GRFX subsystem. The flaw stems from Sensitive data stored in improperly locked memory in the GRFX path, enabling an authorized, local attacker to elevate privileges. The vulnerability affects Windows...
CVE-2025-27732 Windows Graphics Component Elevation of Privilege Vulnerability
...
CVE-2025-27732
creationtimestamp | type | source
---|---|---
2025-04-08 16:14:25+00:00 | seen | https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review
2025-05-19 23:03:00+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3lpkokz2bns24...
KLA82444 PE vulnerability in Microsoft Products (ESU)
An elevation of privilege vulnerability was found in Microsoft Products Extended Security Update. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-27732 Related products Microsoft-Windows Microsoft-Windows-Server Microsoft-Windows-Server-2012...
CVE-2020-27732
CVE-2020-27732 entry is rejected/not used per the initial description.