3 matches found
CVE-2026-33513
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be...
CVE-2026-33513
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be...
CVE-2026-33513
creationtimestamp| type| source ---|---|--- 2026-03-20 21:49:52+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-8fw8-q79c-fp9m 2026-03-23 19:23:16+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqrvqn5ef2e 2026-03-23 19:40:49+00:0...