Lucene search
K

4 matches found

Snyk
Snyk
added 2026/06/26 11:32 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 7:50 a.m.4 views

CVE-2026-8679 AudioIgniter Music Player <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

7.5CVSS5.9AI score0.01508EPSS
Exploits0References7
OSV
OSV
added 2026/03/26 6:5 p.m.2 views

GHSA-75QQ-68M8-PVFR AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents

Summary The objects/playlistsVideos.json.php endpoint returns the full video contents of any playlist by ID without any authentication or authorization check. Private playlists including watchlater and favorite types are correctly hidden from listing endpoints via playlistsFromUser.json.php, but...

5.3CVSS6AI score0.00295EPSS
Exploits1References4
OSV
OSV
added 2024/10/09 7:15 p.m.4 views

UBUNTU-CVE-2024-47828

ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects Playlist, smartlist etc.. Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they a...

6.5CVSS5.9AI score0.00288EPSS
Exploits1References3
Rows per page
Query Builder