20479 matches found
CVE-2026-50183
CVE-2026-50183 refers to a stored XSS in WWBN/AVideo via the YouTubeAPI plugin (versions 29.0 and below). The vulnerability occurs because the plugin renders YouTube data API field snippet.title into the homepage gallery without HTML encoding, allowing an attacker who controls a YouTube video mat...
AVTECH DVR - Login Verification Code Bypass
AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...
Tube Video Ads Lite - Reflected XSS
Tube Video Ads Lite WordPress plugin = 1.5.7 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute arbitrary scripts in the context of high privilege users, exploit requires attacker to craf...
WordPress S3 Video <=0.983 - Cross-Site Scripting
WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...
WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
WordPress HTML5 Video Player - SQL Injection
WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks. id: CVE-2024-1061 info: name: WordPress HTML5 Video Player - SQL Injection author: xxcdd severity: critical description: | WordPress HTM...
Suprema BioStar <2.8.2 - Local File Inclusion
Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...
WordPress HTML5 Video Player < 2.5.27 - SQL Injection
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks id: CVE-2024-5522 info: name: WordPress HTML5 Video Player 2.5.27 - SQL Injection...
Fujitsu IP Series - Hardcoded Credentials
Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative...
WordPress WP Video Gallery <=1.7.1 - SQL Injection
WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...
CVE-2026-15767
Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. Chromium security severity: High...
CVE-2026-15767
Summary of CVE-2026-15767 : A heap buffer overflow in libyuv used by Google Chrome on Windows allows remote code execution in the sandbox via a crafted video file. The issue is tied to Chrome prior to version 150.0.7871.125. In the connected advisories, Chrome’s July 2026 Stable Channel update li...
CVE-2026-49804
Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack...
CVE-2026-49804
CVE-2026-49804 describes a heap-based buffer overflow in the Windows USB Video Driver that can allow an unauthorized attacker to elevate privileges via a physical attack. The vulnerability is characterized by a physical attack vector with low exploit complexity and the need for user interaction, ...
CVE-2026-49804 Windows USB Video Driver Elevation of Privilege Vulnerability
...
CVE-2026-54989
CVE-2026-54989 is a use-after-free in the Quality Windows Audio/Video Experience (QWAVE) service that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 metrics describe a Local attack with High impact on confidentiality, integrity, and availability, requiring LOW privil...
CVE-2026-54989 Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability
...
NUUO Camera <=20250203 - OS Command Injection
NUUO Camera up to 20250203 contains a command injection caused by manipulation of the 'log' argument in /handleconfig.php, letting remote attackers execute arbitrary commands, exploit requires remote access. id: CVE-2025-1338 info: name: NUUO Camera =20250203 - OS Command Injection author: Ark...
All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery SSRF via the 'dl' parameter found in the /public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the serve...
CVE-2026-15624
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...