Lucene search
K

20479 matches found

CVE
CVE
added 1 hour ago19 views

CVE-2026-50183

CVE-2026-50183 refers to a stored XSS in WWBN/AVideo via the YouTubeAPI plugin (versions 29.0 and below). The vulnerability occurs because the plugin renders YouTube data API field snippet.title into the homepage gallery without HTML encoding, allowing an attacker who controls a YouTube video mat...

4.7CVSS6AI score0.00031EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago45 views

AVTECH DVR - Login Verification Code Bypass

AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...

9.8CVSS7.1AI score0.13117EPSS
Exploits6References1
Nuclei
Nuclei
added 18 hours ago8 views

Tube Video Ads Lite - Reflected XSS

Tube Video Ads Lite WordPress plugin = 1.5.7 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craf...

7.1CVSS7.2AI score0.00551EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago26 views

WordPress S3 Video <=0.983 - Cross-Site Scripting

WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

6.1CVSS6.6AI score0.03209EPSS
Exploits2References5
Nuclei
Nuclei
added 18 hours ago28 views

WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting

WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.6AI score0.0465EPSS
Exploits2References4
Nuclei
Nuclei
added 18 hours ago261 views

WordPress HTML5 Video Player - SQL Injection

WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks. id: CVE-2024-1061 info: name: WordPress HTML5 Video Player - SQL Injection author: xxcdd severity: critical description: | WordPress HTM...

9.8CVSS7AI score0.11215EPSS
Exploits1References5
Nuclei
Nuclei
added 18 hours ago87 views

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

7.5CVSS7.1AI score0.50734EPSS
Exploits4References4
Nuclei
Nuclei
added 18 hours ago167 views

WordPress HTML5 Video Player < 2.5.27 - SQL Injection

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks id: CVE-2024-5522 info: name: WordPress HTML5 Video Player 2.5.27 - SQL Injection...

6.5CVSS6.1AI score0.02618EPSS
Exploits6References2
Nuclei
Nuclei
added 18 hours ago63 views

Fujitsu IP Series - Hardcoded Credentials

Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative...

7.5CVSS6.7AI score0.0299EPSS
Exploits0References5
Nuclei
Nuclei
added 18 hours ago44 views

WordPress WP Video Gallery <=1.7.1 - SQL Injection

WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

9.8CVSS7.1AI score0.09238EPSS
Exploits1References5
NVD
NVD
added yesterday3 views

CVE-2026-15767

Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. Chromium security severity: High...

8.8CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-15767

Summary of CVE-2026-15767 : A heap buffer overflow in libyuv used by Google Chrome on Windows allows remote code execution in the sandbox via a crafted video file. The issue is tied to Chrome prior to version 150.0.7871.125. In the connected advisories, Chrome’s July 2026 Stable Channel update li...

8.8CVSS6.5AI score
Exploits0References2Affected Software1
NVD
NVD
added yesterday3 views

CVE-2026-49804

Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack...

6.6CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-49804

CVE-2026-49804 describes a heap-based buffer overflow in the Windows USB Video Driver that can allow an unauthorized attacker to elevate privileges via a physical attack. The vulnerability is characterized by a physical attack vector with low exploit complexity and the need for user interaction, ...

6.6CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2026-49804 Windows USB Video Driver Elevation of Privilege Vulnerability

...

6.6CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-54989

CVE-2026-54989 is a use-after-free in the Quality Windows Audio/Video Experience (QWAVE) service that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 metrics describe a Local attack with High impact on confidentiality, integrity, and availability, requiring LOW privil...

7CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday22 views

CVE-2026-54989 Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability

...

7CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday21 views

NUUO Camera <=20250203 - OS Command Injection

NUUO Camera up to 20250203 contains a command injection caused by manipulation of the 'log' argument in /handleconfig.php, letting remote attackers execute arbitrary commands, exploit requires remote access. id: CVE-2025-1338 info: name: NUUO Camera =20250203 - OS Command Injection author: Ark...

7.5CVSS7.2AI score0.51881EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday36 views

All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery

WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery SSRF via the 'dl' parameter found in the /public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the serve...

8.2CVSS7AI score0.25869EPSS
Exploits0References5
NVD
NVD
added yesterday5 views

CVE-2026-15624

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...

6.5CVSS0.00209EPSS
Exploits0References6
Rows per page
Query Builder