AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment

Summary The CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured the default state, the key validation check is completely bypassed, allowin...

EUVD-2026-14506

AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment...

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an access control vulnerability. This vulnerability stemmed from the use of default empty keys for authentication at the status.json.php and disable.json.php...

Default inheritable capabilities for linux container should be empty

...

PT-2013-1353 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0 through 10 Description: The issue is related to the administrator.cfc component in Adobe ColdFusion, which allows remote attackers to bypass authentication and possibly execute arbitrary code. This is achieved by...