Lucene search
+L

7 matches found

RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35179

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access...

5.3CVSS6AI score0.00215EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 8:16 p.m.4 views

CVE-2026-35179

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access...

5.3CVSS0.00215EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:5 p.m.1 views

CVE-2026-35179

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access...

5.3CVSS6AI score0.00215EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/06 7:5 p.m.24 views

CVE-2026-35179 WWBN AVideo Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access...

5.3CVSS0.00215EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/22 4:29 p.m.29 views

CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

5.9CVSS0.00323EPSS
Exploits1References2
CVE
CVE
added 2026/03/22 4:29 p.m.21 views

CVE-2026-33319

Summary: CVE-2026-33319 affects WWBN AVideo prior to 26.0 via the SocialMediaPublisher/SocialUploader.php. The vulnerability is an OS command injection because the code builds a shell command by concatenating an untrusted upload URL from LinkedIn’s API with a file path and passes it to exec(), wi...

7.5CVSS6AI score0.00323EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/22 4:29 p.m.4 views

CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command

WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upload URL received from LinkedIn's API response, without sanitization via escapeshellarg. If an attacke...

5.9CVSS6.1AI score0.00323EPSS
Exploits1References4
Rows per page
Query Builder