Lucene search
+L

643 matches found

Snyk
Snyk
added 2026/03/19 4:43 p.m.3 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the videoDirectory parameter in the hls.php file. An attacker can access and stream private or paid video content by supplying a crafted pa...

8.7CVSS6.4AI score0.00688EPSS
Exploits1References2
OSV
OSV
added 2026/03/19 4:43 p.m.3 views

GHSA-PW4V-X838-W5PG AVideo has an Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

Summary The HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two divergent code paths — one for authorization which truncates at the...

7.5CVSS5.8AI score0.00688EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/19 4:43 p.m.7 views

AVideo has an Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

Summary The HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two divergent code paths — one for authorization which truncates at the...

7.5CVSS5.8AI score0.00688EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11834

Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.5 views

CVE-2026-32348

Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...

5.3CVSS0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:41 a.m.3 views

CVE-2026-32348

Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...

5.8AI score0.00224EPSS
Exploits0References2
CVE
CVE
added 2026/03/13 11:41 a.m.11 views

CVE-2026-32348

The CVE-2026-32348 entry concerns the WordPress MAS Videos plugin (masvideos) with a Missing Authorization vulnerability due to incorrectly configured access control security levels. It affects MAS Videos versions up to and including 1.3.2. The connected documents substantiate the vulnerability d...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:41 a.m.31 views

CVE-2026-32348 WordPress MAS Videos plugin <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...

5.3CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:41 a.m.3 views

CVE-2026-32348 WordPress MAS Videos plugin <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in MadrasThemes MAS Videos masvideos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MAS Videos: from n/a through = 1.3.2...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.9 views

WordPress plugin MAS Videos 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/06 3:5 a.m.5 views

CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...

9.8CVSS5.8AI score0.0151EPSS
Exploits1References3
CVE
CVE
added 2026/03/06 3:5 a.m.32 views

CVE-2026-28501

CVE-2026-28501 concerns the open‑source video platform WWBN AVideo. A unauthenticated SQL injection exists in the components objects/videos.json.php and objects/video.php due to improper sanitization of the catName parameter when supplied in a JSON POST body. JSON input is parsed and merged into ...

9.8CVSS5.9AI score0.0151EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/06 3:5 a.m.9 views

CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...

9.8CVSS5.9AI score0.0151EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.12 views

WWBN AVideo SQL注入漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 24.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper cleaning of the catName parameter in the objects/videos.json.php and objects/video.ph...

9.8CVSS5.9AI score0.0151EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/02 8:49 p.m.2 views

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the catName parameter in JSON-formatted POST requests to objects/videos.json.php and objects/video.php. An attacker can execute arbitrary SQL...

9.8CVSS6.2AI score0.0151EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/02 8:49 p.m.18 views

AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

9.8CVSS6AI score0.0151EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/02 8:49 p.m.6 views

GHSA-PV87-R9QF-X56P AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php

Impact An unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and...

9.8CVSS6AI score0.0151EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/28 8:26 a.m.34 views

CVE-2026-0702 VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5CVSS0.00409EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/25 1:21 p.m.5 views

WordPress Automatic Featured Images from Videos plugin <= 1.2.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Automatic Featured Images from Videos versions = 1.2.7...

4.3CVSS5.9AI score0.00201EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/24 3:18 p.m.12 views

CVE-2026-24535

Missing Authorization vulnerability in webdevstudios Automatic Featured Images from Videos automatic-featured-images-from-videos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic Featured Images from Videos: from n/a through = 1.2.7...

4.3CVSS5.4AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder