CVE-2026-34364 AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path (no ?user= parameter), user group filtering is...
CVE-2026-34364
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path (no ?user= parameter), user group filtering is...
CVE-2026-34364
creationtimestamp | type | source
---|---|---
2026-03-27 13:50:28+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-73gr-r64q-7jh4...
Tenable.ad < 3.59.5 Multiple Vulnerabilities (TNS-2024-11)
The version of Tenable.ad installed on the remote host is prior to 3.59.5. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-11 advisory. - The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of...
CVE-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since the async HTTP client will buffer the response with an unbounded buffer...
CVE-2024-34364
Envoy (the cloud-native proxy) is affected by CVE-2024-34364: an out-of-memory (OOM) condition caused by the async HTTP client buffering the mirror response with an unbounded buffer. This unbounded buffering can lead to memory exhaustion and potential DoS. Public documents attribute the issue to ...
CVE-2023-34364
Progress DataDirect Connect for ODBC (Oracle) prior to 08.02.2770 contains a buffer overflow caused by overly large option values in a connection string, overrunning the processing buffer and enabling remote code execution. The root cause is improper bounds checking on certain connection-string o...
CVE-2023-34364
A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an...
CVE-2022-34364
Dell BSAFE SSL-J contains a vulnerability where a debug message may disclose unnecessary information to a locally privileged user. Affected products are Dell BSAFE SSL-J prior to 6.5 and version 7.0. Root cause is exposure of debug information; impact is confidentiality loss (C:H) with no integri...
CVE-2021-34364
The Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns...
CVE-2021-34364
The CVE-2021-34364 entry concerns Refined GitHub browser extension prior to version 21.6.8, where a cross-site scripting (XSS) vulnerability can be triggered by a link in a document. The affected software is the Refined GitHub browser extension, with the vulnerability described as XSS via a link ...
CVE-2025-34364
CVE-2025-34364 is rejected/not used and does not represent an active vulnerability entry.