
32 matches found

NVD
added 2026/04/21 11:16 p.m. · 5 views

CVE-2026-40935

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3 · EPSS 0.00218
Exploits: 1 · References: 2
Positive Technologies
added 2026/04/21 12:0 a.m. · 6 views

PT-2026-34200

WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with...

CVSS 5.3 · AI score 5.8 · EPSS 0.00218
Exploits: 1 · References: 4
OSV
added 2026/03/25 7:53 p.m. · 1 views

GHSA-M99F-MMVG-3XMX AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint

Summary: The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...

CVSS 5.3 · AI score 5.9 · EPSS 0.00278
Exploits: 1 · References: 4
Github Security Blog
added 2026/03/25 7:53 p.m. · 3 views

AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint

Summary: The password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames and determine whether accounts are active, inactive, or banned — at scale and...

CVSS 5.3 · AI score 5.9 · EPSS 0.00278
Exploits: 1 · References: 4 · Affected Software: 1
RedhatCVE
added 2026/01/09 9:29 a.m. · 9 views

CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

CVSS 5.3 · AI score 7 · EPSS 0.00829
Exploits: 1 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-41894

Malicious code in bioql PyPI...

CVSS 7.3 · AI score 7.5 · EPSS 0.00467
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2022-0105

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.4 · EPSS 0.01126
Exploits: 0 · References: 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-34212

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.5 · EPSS 0.0051
Exploits: 2 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-0299

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.8 · EPSS 0.00829
Exploits: 1 · References: 4
RedhatCVE
added 2025/05/23 3:32 a.m. · 4 views

CVE-2023-2751

The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site...

CVSS 5.3 · AI score 7 · EPSS 0.0051
Exploits: 2 · References: 1
Positive Technologies
added 2025/04/23 12:0 a.m. · 3 views

PT-2025-17612 · Unknown · Meon Kyc Solutions

Name of the Vulnerable Software and Affected Versions: Meon KYC solutions, affected versions not specified. Description: The issue is caused by insufficient server-side validation of the Captcha in certain API endpoints, allowing a remote attacker to bypass the Captcha verification mechanism by...

CVSS 8.2 · AI score 6.1 · EPSS 0.00342
Exploits: 0 · References: 8
Tenable Nessus
added 2024/11/19 12:0 a.m. · 4 views

Fedora 40 : lemonldap-ng (2024-e457192aa2)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-e457192aa2 advisory. Update to lemonldap-ng 2.20.1: - Security Adaptative Authentication Rules triggered by Refresh my rights - Security XSS in upgradeSession / forceUpgrade page...

AI score 5.5
Exploits: 0 · References: 1
Tenable Nessus
added 2024/11/19 12:0 a.m. · 3 views

Fedora 41 : lemonldap-ng (2024-7bc1df53fc)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7bc1df53fc advisory. Update to lemonldap-ng 2.20.1: - Security Adaptative Authentication Rules triggered by Refresh my rights - Security XSS in upgradeSession / forceUpgrade page...

AI score 5.5
Exploits: 0 · References: 1
Veracode
added 2024/01/15 6:30 a.m. · 17 views

Recovery Notification Bypass

WWBN AVideo is vulnerable to Recovery Notification Bypass. The vulnerability is due to a flaw in the captcha validation functionality of the userRecoverPass.php script. This issue can be exploited by an attacker to create a recovery pass code for any user...

CVSS 5.3 · AI score 6.8 · EPSS 0.00829
Exploits: 1 · References: 3 · Affected Software: 1
Github Security Blog
added 2024/01/10 6:30 p.m. · 19 views

WWBN AVideo recovery notification bypass vulnerability

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

CVSS 5.3 · AI score 7.3 · EPSS 0.00829
Exploits: 1 · References: 4 · Affected Software: 1
OSV
added 2024/01/10 4:15 p.m. · 2 views

CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

CVSS 5.3 · AI score 5.8 · EPSS 0.00829
Exploits: 1 · References: 2
NVD
added 2024/01/10 4:15 p.m. · 18 views

CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

CVSS 5.3 · AI score 5.3 · EPSS 0.00829
Exploits: 1 · References: 2
CVE
added 2024/01/10 3:48 p.m. · 35 views

CVE-2023-50172

Summary: CVE-2023-50172 affects WWBN AVideo (dev master, commit 15fed957fb). The vulnerability lies in userRecoverPass.php captcha validation, where the recoverPass value is set even if the captcha check fails, enabling a malicious actor to silently create a recovery pass code for any user. An at...

CVSS 5.3 · AI score 5.6 · EPSS 0.00829
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2024/01/10 3:48 p.m. · 20 views

CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

CVSS 5.3 · AI score 5.6 · EPSS 0.00829
Exploits: 1 · References: 1
Vulnrichment
added 2024/01/10 3:48 p.m. · 1 views

CVE-2023-50172

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...

CVSS 5.3 · AI score 9.7 · EPSS 0.00829
Exploits: 1 · References: 1