4 matches found
CVE-2026-33294
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with...
CVE-2026-33294 AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with...
CVE-2026-33294 AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with...
CVE-2026-33294 AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint plugin/BulkEmbed/save.json.php fetches user-supplied thumbnail URLs via urlgetcontents without SSRF protection. Unlike all six other URL-fetching endpoints in AVideo that were hardened with...