5 matches found
GHSA-8X77-F38V-4M5J AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion
Summary A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented as only allowing video publicity changes Active, Inactive, Unlisted. The roo...
CVE-2026-33650 AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...
CVE-2026-33650 AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...
CVE-2026-33650
Summary: WWBN AVideo (≤26.0) allows a user with the Videos Moderator permission to perform full video management, including ownership transfer and deletion, despite the permission only enabling publicity changes. Root cause: Permissions::canModerateVideos() is used as the authorization gate for f...
CVE-2026-33650 AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations — including ownership transfer and deletion of any video — despite the permission being documented ...