Lucene search
K

189 matches found

CNNVD
CNNVD
added 2026/04/13 12:0 a.m.5 views

HummerCloud HummerRisk 代码问题漏洞

HummerCloud HummerRisk is an open-source cloud-native security platform developed by HummerCloud Technology in China. It addresses security and governance issues in cloud-native environments in a non-invasive manner. Its core capabilities include security governance for hybrid clouds and...

5.8CVSS5.8AI score0.00218EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/09 1:23 a.m.4 views

CVE-2026-39370

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...

7.1CVSS5.9AI score0.00206EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/08 12:8 a.m.4 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the downloadURL parameter processing in objects/aVideoEncoder.json.php. An attacker can access internal resources and exfiltrat...

7.1CVSS5.8AI score0.00206EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/08 12:0 a.m.17 views

WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)

The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and stores it ...

8.6CVSS5.9AI score0.00235EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/07 8:16 p.m.5 views

CVE-2026-39370

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...

7.1CVSS0.00206EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 7:26 p.m.15 views

CVE-2026-39370

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-39370. The flaw resides in objects/aVideoEncoder.json.php which still accepts attacker-controlled downloadURL values with common media or archive extensions (e.g., .mp4, .mp3, .zip, .jpg, .png, .gif, .webm) that bypass SSRF validation....

7.1CVSS5.9AI score0.00206EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:26 p.m.3 views

CVE-2026-39370

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...

8.6CVSS5.9AI score0.00235EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.10 views

PT-2026-30989

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...

7.1CVSS5.9AI score0.00235EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/25 9:28 p.m.2 views

Arbitrary File Upload

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Arbitrary File Upload through the downloadVideoFromDownloadURL function. A user with upload permissions can execute arbitrary code on the server by uploading a...

8.8CVSS6.1AI score0.00395EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/25 9:28 p.m.8 views

AVideo: Remote Code Execution via PHP Temp File in Encoder downloadURL

Summary The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing an invalid resolution parameter, an attacker triggers an early die via...

8.8CVSS6.7AI score0.00395EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/23 6:48 p.m.26 views

CVE-2026-33717 AVideo Vulnerable to Remote Code Execution via Persistent PHP Temp File in Encoder downloadURL with Resolution Validation Abort

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing...

8.8CVSS0.00395EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/23 6:48 p.m.3 views

CVE-2026-33717 AVideo Vulnerable to Remote Code Execution via Persistent PHP Temp File in Encoder downloadURL with Resolution Validation Abort

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing...

8.8CVSS5.8AI score0.00395EPSS
Exploits1References2
CVE
CVE
added 2026/03/23 6:48 p.m.18 views

CVE-2026-33717

Summary: CVE-2026-33717 affects WWBN AVideo (versions up to 26.0). The vulnerability in the downloadVideoFromDownloadURL() function stores remote content in a web-accessible temp directory using the original URL filename/extension (including .php). By passing an invalid resolution parameter, an a...

8.8CVSS5.8AI score0.00395EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/03/23 6:14 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /download URL validation process. An attacker can access internal resources or trigger unintended network requests by crafting a browser-side redirect that bypasses validation. Remediation Upgrad...

6.9CVSS5.9AI score0.00289EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/19 6:31 p.m.11 views

EUVD-2025-208883

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

6.2AI score0.01222EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 12:0 a.m.5 views

CVE-2025-67113

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

6.2AI score0.01222EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.6 views

PT-2026-26318

OS command injection in the CWMP client /ftl/bin/cwmp of Small Cell Sercomm SCE4255W FreedomFi Englewood firmware before DG3934v3@2308041842 allows remote attackers controlling the ACS endpoint to execute arbitrary commands as root via a crafted TR-069 Download URL that is passed unescaped into t...

6.2AI score0.01222EPSS
Exploits0References6
CVE
CVE
added 2026/03/19 12:0 a.m.9 views

CVE-2025-67113

CVE-2025-67113 describes an OS command injection in the CWMP client (/ftl/bin/cwmp) of the Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware prior to DG3934v3@2308041842. The root cause is unescaped TR-069 Download URL input being passed into the firmware upgrade pipeline, allowing remot...

9.8CVSS6.2AI score0.01222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.7 views

PT-2026-24169

Name of the Vulnerable Software and Affected Versions FileBrowser versions prior to 1.3.1-beta and 1.2.2-stable Description An incomplete remediation for a previous issue allows disclosure of tokenized download URLs via the /public/api/share/info endpoint for password-protected shares. The issue...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References138
RedhatCVE
RedhatCVE
added 2026/02/27 12:41 a.m.15 views

CVE-2026-3189

A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be executed remotely. Attacks ...

3.1CVSS5AI score0.00212EPSS
Exploits0References1
Rows per page
Query Builder