CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2026/04/01 11:1 p.m.•1 views

CVE-2026-34732

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

7.5CVSS5.9AI score0.00023EPSS

Exploits1References1

OSV•added 2026/04/01 9:5 p.m.•2 views

GHSA-G2MG-CGR6-VMV7 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

Summary The AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php template was shipped without this guard. Every plugin that uses th...

5.3CVSS6AI score0.00023EPSS

Exploits1References4

Github Security Blog•added 2026/04/01 9:5 p.m.•3 views

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

7.5CVSS6AI score0.00023EPSS

Exploits1References4Affected Software1

NVD•added 2026/03/31 9:16 p.m.•2 views

CVE-2026-34732

7.5CVSS0.00023EPSS

Exploits1References1

CVE•added 2026/03/31 8:51 p.m.•3 views

CVE-2026-34732

WWBN AVideo CVE-2026-34732 affects the CreatePlugin list.json.php template (versions ≤26.0). The template ships without authentication/authorization checks, while add.json.php and delete.json.php require admin privileges. This omission creates 21 unauthenticated data-listing endpoints across the ...

7.5CVSS5.9AI score0.00023EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/03/31 8:51 p.m.•1 views

CVE-2026-34732 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

5.3CVSS5.9AI score0.00023EPSS

Exploits1References1

ATTACKERKB•added 2026/03/31 8:51 p.m.•2 views

CVE-2026-34732

5.3CVSS5.9AI score0.00023EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/03/31 8:51 p.m.•22 views

CVE-2026-34732 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

5.3CVSS0.00023EPSS

Exploits1References1

OSV•added 2026/03/31 8:51 p.m.•3 views

CVE-2026-34732 AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints

5.3CVSS5.9AI score0.00023EPSS

Exploits1References3

CNNVD•added 2026/03/31 12:0 a.m.•3 views

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for the list.json.php endpoint in the CreatePlugin template, which coul...

7.5CVSS5.8AI score0.00023EPSS

Exploits1References2

Positive Technologies•added 2026/03/31 12:0 a.m.•2 views

PT-2026-29362

7.5CVSS5.9AI score0.00023EPSS

Exploits1References3

OSV•added 2022/06/13 2:15 p.m.•1 views

CVE-2022-1749

The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createpluginatfadminsettingpage function found in the /inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and...

8.8CVSS5.8AI score0.00193EPSS

Exploits1References3

0day.today•added 2018/03/16 12:0 a.m.•47 views

Android DRM Services - Buffer Overflow Exploit

Exploit for Android platform in category dos / poc include include include include include include include include include include using namespace android; static sp getCrypto sp sm = defaultServiceManager; sp binder = sm-getServiceString16"media.drm"; sp service = interfacecastbinder; if service...

0.3AI score0.04218EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by