Lucene search
K

4 matches found

OSV
OSV
added 2026/04/08 12:8 a.m.7 views

GHSA-CMCR-Q4JF-P6Q9 WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)

Summary The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and...

7.1CVSS6AI score0.00206EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/08 12:0 a.m.17 views

WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)

The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and stores it ...

8.6CVSS5.9AI score0.00235EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/25 4:16 p.m.5 views

CVE-2026-27732

WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...

8.6CVSS5.7AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 2:56 p.m.37 views

CVE-2026-27732

WWBN AVideo contains an SSRF vulnerability in the aVideoEncoder.json.php endpoint prior to version 22.0. The endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list, enabling authenticated users to trigger requests to arb...

8.6CVSS5.7AI score0.00235EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder