Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.4 views

CVE-2026-35181

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

4.3CVSS5.9AI score0.00134EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 7:9 p.m.4 views

CVE-2026-35181 WWBN AVideo Affected by CSRF on Player Skin Configuration via admin/playerUpdate.json.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

4.3CVSS5.9AI score0.00134EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 7:9 p.m.18 views

CVE-2026-35181 WWBN AVideo Affected by CSRF on Player Skin Configuration via admin/playerUpdate.json.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

4.3CVSS0.00134EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 7:9 p.m.14 views

CVE-2026-35181

CVE-2026-35181 affects WWBN AVideo prior to 29.x. The endpoint admin/playerUpdate.json.php does not validate CSRF tokens, and the ORM security check excludes the plugins table via ignoreTableSecurityCheck(), removing the remaining defense. Coupled with SameSite=None cookies, an authenticated admi...

4.3CVSS5.9AI score0.00134EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.10 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token validation in the player skin configuration endpoint, which cou...

4.3CVSS5.7AI score0.00134EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/03 11:43 p.m.7 views

AVideo: CSRF on Player Skin Configuration via admin/playerUpdate.json.php

Severity: Medium CWE: CWE-352 Cross-Site Request Forgery Summary The player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing the only...

4.3CVSS6AI score0.00134EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30285

Severity: Medium CWE: CWE-352 Cross-Site Request Forgery Summary The player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing the only...

4.3CVSS6AI score0.00134EPSS
Exploits1References4
Check Point Advisories
Check Point Advisories
added 2009/12/30 12:0 a.m.20 views

Microsoft Windows Media Player Arbitrary File Download (MS03-017; CVE-2003-0228)

Microsoft Windows Media Player is an application that is used to play various media files, such as those compressed with AVI, MP3, MPG formats and so on. Windows Media Player runs on the Microsoft Windows operating system. Windows Media Player has the ability to change its user interface and...

7.5CVSS6.3AI score0.46315EPSS
Exploits1
Rows per page
Query Builder