Lucene search
K

5 matches found

OSV
OSV
added 2026/03/09 10:35 p.m.5 views

CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

6.9CVSS5.9AI score0.00365EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/09 10:35 p.m.3 views

CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

6.9CVSS5.8AI score0.00365EPSS
Exploits1References2
CVE
CVE
added 2026/03/09 10:35 p.m.12 views

CVE-2026-30885

WWBN AVideo prior to version 25.0 exposes an unauthenticated IDOR in the /objects/playlistsFromUser.json.php endpoint, allowing an attacker to enumerate user IDs and retrieve all playlists for any user, including playlist names, video IDs, and status. Root cause is lack of authentication/authoriz...

6.9CVSS5.8AI score0.00365EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.4 views

PT-2026-24090

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 25.0 Description The /objects/playlistsFromUser.json.php endpoint does not require authentication or authorization, allowing an unauthenticated attacker to enumerate user IDs and retrieve playlist information, includin...

6.9CVSS5.8AI score0.00365EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.10 views

PT-2026-7672

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the use...

8.7CVSS5.5AI score0.00565EPSS
Exploits1References5
Rows per page
Query Builder