7 matches found

RedhatCVE
added 2026/03/26 3:0 p.m., 0 views

CVE-2026-33493

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...

CVSS 8.1, AI score 5.8, EPSS 0.00106
Exploits 1, References 1

NVD
added 2026/03/23 4:16 p.m., 2 views

CVE-2026-33493

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...

CVSS 8.1, EPSS 0.00106
Exploits 1, References 2

CVE
added 2026/03/23 3:52 p.m., 4 views

CVE-2026-33493

CVE-2026-33493 affects WWBN AVideo (versions up to and including 26.0). The vulnerability is rooted in objects/import.json.php, which validates only that fileURI ends with .mp4 and imposes no directory restriction. An authenticated user with upload permission can abuse this to: (1) import another user...

CVSS 8.1, AI score 5.8, EPSS 0.00106
Exploits 1, References 2, Affected Software 1

OSV
added 2026/03/23 3:52 p.m., 1 view

CVE-2026-33493 AVideo has a Path Traversal in import.json.php that Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...

CVSS 7.1, AI score 5.9, EPSS 0.00106
Exploits 1, References 4

Snyk
added 2026/03/20 8:49 p.m., 2 views

Directory Traversal

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal in the import.json.php endpoint when handling the fileURI parameter. An authenticated user with upload permissions can access and copy private...

CVSS 8.1, AI score 6.3, EPSS 0.00106
Exploits 1, References 2

Github Security Blog
added 2026/03/20 8:49 p.m., 4 views

AVideo has a Path Traversal in import.json.php Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter

Summary: The objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath + directory prefix check to restrict paths to the videos/ directory,...

CVSS 8.1, AI score 6, EPSS 0.00106
Exploits 1, References 4, Affected Software 1

OSV
added 2026/03/20 8:49 p.m., 2 views

GHSA-83XQ-8JXJ-4RXM AVideo has a Path Traversal in import.json.php Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter

Summary: The objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath + directory prefix check to restrict paths to the videos/ directory,...

CVSS 7.1, AI score 6, EPSS 0.00106
Exploits 1, References 4