3 matches found
CVE-2026-33354
WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint...
CVE-2026-33354
WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint...
CVE-2026-33354
creationtimestamp| type| source ---|---|--- 2026-03-19 15:10:58+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-4jw9-5hrc-m4j6 2026-03-19 15:10:58+00:00| published-proof-of-concept| https://github.com/WWBN/AVideo/security/advisories/GHSA-4jw9-5hrc-m4j6...