Lucene search
K

8 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40415

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 9:5 p.m.4 views

CVE-2026-58447 Invidious - Cross-User Playlist Video Deletion via Missing Ownership Check

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...

7.1CVSS6AI score0.00225EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 9:5 p.m.13 views

CVE-2026-58447

CVE-2026-58447 (Invidious) : A broken object-level authorization vulnerability affects Invidious up to version 2.20260626.0. An authenticated attacker can delete videos from other users’ playlists by supplying an arbitrary global video index to the remove_video endpoint, using per-video indices e...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/30 9:5 p.m.5 views

CVE-2026-58447 Invidious - Cross-User Playlist Video Deletion via Missing Ownership Check

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 5:18 p.m.20 views

CVE-2026-57946

CVE-2026-57946 affects Invidious prior to version 2.20260626.0. A broken access control allows unauthenticated attackers to fetch private playlist contents by requesting the RSS feed playlist endpoint with a playlist ID, exposing the full playlist, owner email address, and associated video entrie...

6.3CVSS5.8AI score0.00272EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 5:18 p.m.35 views

CVE-2026-57946 Invidious - Private Playlist Disclosure via Unauthenticated RSS Feed Endpoint

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...

6.3CVSS0.00272EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:18 p.m.3 views

CVE-2026-57946 Invidious - Private Playlist Disclosure via Unauthenticated RSS Feed Endpoint

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...

6.3CVSS6AI score0.00272EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/29 5:18 p.m.8 views

EUVD-2026-40163

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...

6.3CVSS5.8AI score0.00272EPSS
Exploits0References5
Rows per page
Query Builder