2 matches found
CVE-2026-33483 AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...
CVE-2026-33483
CVE-2026-33483 affects WWBN AVideo up to version 26.0. The endpoint aVideoEncoderChunk.json.php is unauthenticated, outside the framework, and writes POST data to permanent files in /tmp with no size limits or cleanup, enabling disk-space exhaustion and potential denial of service. Public documen...