12 matches found

CVE
added 2026/03/22 4:26 p.m., 5 views

CVE-2026-33292

Summary (CVE-2026-33292): WWBN AVideo is vulnerable prior to 26.0 due to a path traversal split-oracle in the HLS endpoint view/hls.php. The GET parameter videoDirectory is processed in two code paths: an authorization path that truncates after the first slash, and a file-access path that preser...

CVSS 7.5 | AI score 5.9 | EPSS 0.00074
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/22 4:26 p.m., 1 views

CVE-2026-33292 AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two...

CVSS 7.5 | AI score 5.9 | EPSS 0.00074
Exploits: 1 | References: 2
OSV
added 2026/03/22 4:26 p.m., 1 views

CVE-2026-33292 AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two...

CVSS 7.5 | AI score 6 | EPSS 0.00074
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/19 12:0 a.m., 1 views

PT-2026-26470

Summary The HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two divergent code paths — one for authorization which truncates at the...

CVSS 7.5 | AI score 5.9 | EPSS 0.00074
Exploits: 1 | References: 8
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-10954

Malicious code in bioql PyPI...

CVSS 3.7 | AI score 6.6 | EPSS 0.00143
Exploits: 1 | References: 4
RedhatCVE
added 2025/04/17 3:38 p.m., 7 views

CVE-2025-32943

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...

CVSS 3.7 | AI score 6.7 | EPSS 0.00143
Exploits: 1 | References: 1
NVD
added 2025/04/15 11:15 a.m., 13 views

CVE-2025-32943

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...

CVSS 4.3 | EPSS 0.00143
Exploits: 1 | References: 2
Vulnrichment
added 2025/04/15 10:24 a.m., 9 views

CVE-2025-32943 PeerTube HLS Video Files Path Traversal

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...

CVSS 3.7 | AI score 6.9 | EPSS 0.00143
Exploits: 1 | References: 2
Cvelist
added 2025/04/15 10:24 a.m., 18 views

CVE-2025-32943 PeerTube HLS Video Files Path Traversal

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...

CVSS 3.7 | EPSS 0.00143
Exploits: 1 | References: 2
CVE
added 2025/04/15 10:24 a.m., 59 views

CVE-2025-32943

Summary (peer-reviewed sources confirm): CVE-2025-32943 affects PeerTube’s HLS endpoint, where a path traversal flaw allows any authenticated user to leak contents of arbitrary ".m3u8" files from the server. The vulnerability is rooted in improper input handling on the HLS path, enabling access t...

CVSS 4.3 | AI score 6.7 | EPSS 0.00143
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2023/12/13 9:9 p.m., 29 views

CVE-2023-47624

The CVE-2023-47624 entry affects Audiobookshelf (versions 2.4.3 and earlier). A path traversal in the /hls endpoint can allow any user (even with no privileges) to read files from the local filesystem, leading to Information Disclosure. As of publication, no patches are available. Affected produc...

CVSS 7.5 | AI score 6.5 | EPSS 0.0012
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2023/12/13 9:9 p.m., 9 views

CVE-2023-47624 Audiobookshelf Arbitrary File Read Vulnerability

Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user regardless of their permissions may be able to read files from the local file system due to a path traversal in the /hls endpoint. This issue may lead to Information Disclosure. As of time of...

CVSS 7.5 | AI score 6.2 | EPSS 0.0012
Exploits: 1 | References: 4