Lucene search
K

6 matches found

EUVD
EUVD
added 2026/03/30 6:3 p.m.6 views

EUVD-2026-16748

AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification...

5.3CVSS5.9AI score0.00376EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/30 6:3 p.m.4 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization through the getapivideofile and getapivideo API endpoints in plugin/API/API.php. An attacker can retrieve direct playback URLs for...

6.9CVSS5.8AI score0.00376EPSS
Exploits1References2
OSV
OSV
added 2026/03/30 6:3 p.m.7 views

GHSA-Q6JJ-R49P-94FH AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

Summary The getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal web playback flow enforces password checks via the CustomizeUser::getModeYouTu...

5.3CVSS6AI score0.00376EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.4 views

CVE-2026-34369

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

5.3CVSS5.9AI score0.00376EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 7:16 p.m.13 views

CVE-2026-34369

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

5.3CVSS0.00376EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/27 6:13 p.m.24 views

CVE-2026-34369 AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

5.3CVSS0.00376EPSS
Exploits1References2
Rows per page
Query Builder