7647 matches found
AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
Summary The plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel names, user IDs, ad campaign names, and impression/click counts. The HTML...
GHSA-J36M-74G2-7M95 AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
Summary The plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel names, user IDs, ad campaign names, and impression/click counts. The HTML...
Best Klaviyo Alternatives for Revenue Growth and Advanced Analytics
Top Klaviyo alternatives offer advanced analytics, automation, and insights to help e-commerce brands improve campaigns, boost revenue, and track performance...
EUVD-2026-15186
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
CVE-2026-2072
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
CVE-2026-2072 Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
CVE-2026-2072
CVE-2026-2072 is a Cross-Site Scripting vulnerability affecting Hitachi Infrastructure Analytics Advisor (Analytics probe component) and Hitachi Ops Center Analyzer. Affected versions are 10.0.0-00 ≤ before 11.0.5-00. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L with base s...
CVE-2026-2072
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
CVE-2026-2072 Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer
Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor Analytics probe component, Hitachi Ops Center Analyzer.This issue affects Hitachi Infrastructure Analytics Advisor:; Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.5-00...
PT-2026-27638
Name of the Vulnerable Software and Affected Versions Hitachi Infrastructure Analytics Advisor versions prior to 11.0.5-00 Hitachi Ops Center Analyzer versions prior to 11.0.5-00 Description A Cross-Site Scripting issue exists in the Analytics probe component of Hitachi Infrastructure Analytics...
Hitachi Ops Center Analyzer和Hitachi Infrastructure Analytics Advisor 安全漏洞
Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor are both products of Hitachi, Ltd., a Japanese company. Hitachi Ops Center Analyzer is a data center management software that allows for monitoring, reporting, and correlation of end-to-end performance from servers to storag...
CVE-2026-33685
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...
CVE-2026-33685 AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...
CVE-2026-33685
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...
CVE-2026-33685 AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...
CVE-2026-33685
WWBN AVideo up to version 26.0 exposes ad campaign analytics and related user data via unauthenticated access to plugin/AD_Server/reports.json.php. The HTML reports (reports.php) and CSV export (getCSV.php) enforce User::isAdmin(), but the JSON API lacked authentication/authorization checks, allo...
CVE-2026-33685 AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...
WordPress Smarter Analytics plugin <= 2.0 - Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter vulnerability
Missing Authorization to Unauthenticated Plugin Settings Reset via 'reset' Parameter vulnerability discovered by Poli - CMC Global in WordPress Plugin Smarter Analytics versions = 2.0...
PT-2026-27187
Name of the Vulnerable Software and Affected Versions AVideo versions prior to 26.1 Description AVideo is an open source video platform. Versions up to and including 26.0 lack authentication and authorization checks on the plugin/AD Server/reports.json.php endpoint. This allows unauthenticated...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from insufficient authentication and authorization checks at the reports.json.php endpoint of the ADServer...