Lucene search
K

729 matches found

Snyk
Snyk
added 2026/03/30 6:3 p.m.4 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization through the getapivideofile and getapivideo API endpoints in plugin/API/API.php. An attacker can retrieve direct playback URLs for...

6.9CVSS5.8AI score0.00376EPSS
Exploits1References2
OSV
OSV
added 2026/03/30 6:3 p.m.7 views

GHSA-Q6JJ-R49P-94FH AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

Summary The getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal web playback flow enforces password checks via the CustomizeUser::getModeYouTu...

5.3CVSS6AI score0.00376EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.4 views

CVE-2026-34369

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

5.3CVSS5.9AI score0.00376EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 7:16 p.m.13 views

CVE-2026-34369

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

5.3CVSS0.00376EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/27 6:13 p.m.22 views

CVE-2026-34369 AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

5.3CVSS0.00376EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 6:13 p.m.4 views

CVE-2026-34369

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

5.3CVSS5.9AI score0.00376EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 5:2 p.m.4 views

CVE-2026-32562

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through = 1.9.15...

5.4CVSS5.8AI score0.00131EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.8 views

CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS5.8AI score0.00544EPSS
Exploits2References1
NVD
NVD
added 2026/03/26 2:16 a.m.5 views

CVE-2026-4831

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

6.3CVSS0.0048EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/26 1:2 a.m.2 views

EUVD-2026-16076

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

6.3CVSS4.9AI score0.0048EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/26 1:2 a.m.2 views

CVE-2026-4831 kalcaddle kodbox Password-protected Share auth.class.php can improper authentication

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

6.3CVSS4.9AI score0.0048EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/26 1:2 a.m.35 views

CVE-2026-4831 kalcaddle kodbox Password-protected Share auth.class.php can improper authentication

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

6.3CVSS0.0048EPSS
Exploits0References4
CVE
CVE
added 2026/03/26 1:2 a.m.11 views

CVE-2026-4831

CVE-2026-4831 affects kalcaddle kodbox 1.64. The vulnerability is described as an improper authentication in the Password-protected Share Handler, specifically in the file /workspace/source-code/app/controller/explorer/auth.class.php. The issue can be exploited remotely; attack complexity is high...

6.3CVSS4.9AI score0.0048EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.12 views

PT-2026-28185

A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected Share Handler. Performing a manipulation results in improper authentication. The attack is...

6.3CVSS4.9AI score0.0048EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/25 4:15 p.m.1 views

CVE-2026-32562

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through = 1.9.15...

5.4CVSS5.8AI score0.00131EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/25 4:15 p.m.25 views

CVE-2026-32562 WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Folio Team PPWP password-protect-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPWP: from n/a through = 1.9.15...

5.4CVSS0.00131EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.4 views

SUSE CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS5.8AI score0.00544EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.5 views

PT-2026-26783

Summary The view/forbiddenPage.php and view/warningPage.php templates reflect the $ REQUEST'unlockPassword' parameter directly into an HTML tag's attributes without any output encoding or sanitization. An attacker can craft a URL that breaks out of the value attribute and injects arbitrary HTML...

6.1CVSS5.9AI score0.00231EPSS
Exploits1References5
NVD
NVD
added 2026/03/10 6:18 p.m.9 views

CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS0.00544EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/10 4:10 p.m.32 views

CVE-2026-30933 FileBrowser Quantum Incomplete Remediation of CVE-2026-27611: Password-Protected Share Bypass via /public/api/share/info

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5CVSS0.00544EPSS
Exploits1References3
Rows per page
Query Builder