6 matches found
CVE-2026-58447
Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...
CVE-2023-5945
The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsivevideogallerywithlightboxvideomanagementfunc function. This makes it possible for unauthenticated attackers...
TikTok: CSRF for deleting videos
A CSRF Cross Site Request Forgery vulnerability was reported on TikTok which could potentially be used by an attacker to delete other users' public videos if the user were to click a malicious link. This issue has since been resolved. We thank @luizviana for reporting this to our team and...
Researchers Demonstrate How to Hack Any TikTok Account by Sending SMS
TikTok , the 3rd most downloaded app in 2019, is under intense scrutiny over users' privacy, censoring politically controversial content and on national-security grounds—but it's not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral...
FTC Hits TikTok With Record $5.7 Million Fine Over Children’s Privacy
The social media app will pay $5.7 million to settle the allegations, and be required to delete videos uploaded by anyone under 13...
CVE-2015-4352
Cross-site request forgery CSRF vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via unspecified vectors...