Lucene search

7 matches found

OSV
added 2025/12/17 8:15 p.m. | 1 view

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVSS 7.5 | AI score 6.5
Exploits 0 | References 4
OSV
added 2025/12/17 8:15 p.m. | 1 view

CVE-2025-34440

AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks...

CVSS 6.1 | AI score 6.6
Exploits 0 | References 4
NVD
added 2025/12/17 8:15 p.m. | 2 views

CVE-2025-34436

AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks...

CVSS 8.8 | EPSS 0.00128
Exploits 0 | References 4
CVE
added 2025/12/17 7:49 p.m. | 6 views

CVE-2025-34434

CVE-2025-34434 affects AVideo versions prior to 20.1 with the ImageGallery plugin enabled. The vulnerability arises from image gallery endpoints that fail to enforce authentication and ownership checks, enabling unauthenticated actors to upload or delete images for any video. Red Hat and NVD entr...

CVSS 9.3 | AI score 6.8 | EPSS 0.0062
Exploits 0 | References 4 | Affected Software 1
Patchstack
added 2025/12/15 1:30 p.m. | 4 views

WordPress Image Caption Hover Pro plugin < 20.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Image Caption Hover Pro versions 20.0...

CVSS 5.3 | AI score 7 | EPSS 0.00051
Exploits 0 | Affected Software 1
SUSE CVE
added 2023/02/15 3:54 a.m. | 1 view

SUSE CVE-2020-24889

A buffer overflow vulnerability in LibRaw version 20.0 LibRaw::GetNormalizedModel in src/metadata/normalizemodel.cpp may lead to context-dependent arbitrary code execution...

CVSS 7.8 | AI score 8.2 | EPSS 0.00931
Exploits 1 | References 3
OSV
added 2020/09/16 3:15 p.m. | 0 views

UBUNTU-CVE-2020-24889

A buffer overflow vulnerability in LibRaw version 20.0 LibRaw::GetNormalizedModel in src/metadata/normalizemodel.cpp may lead to context-dependent arbitrary code execution...

CVSS 7.8 | AI score 7.8 | EPSS 0.00931
Exploits 1 | References 2