Lucene search
+L

15 matches found

CNNVD
CNNVD
added 2026/03/23 12:0 a.m.9 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the downloadVideoFromDownloadURL function using the original file name and extension of the remote...

8.8CVSS5.9AI score0.00395EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-5553

Malware in sbrugna...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/17 6:45 p.m.7 views

CVE-2025-10472

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...

6.9CVSS5.3AI score0.00776EPSS
Exploits1References1
NVD
NVD
added 2025/09/15 7:15 p.m.4 views

CVE-2025-10472

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...

7.5CVSS0.00776EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/09/15 6:32 p.m.2 views

CVE-2025-10472 harry0703 MoneyPrinterTurbo URL video.py stream_video path traversal

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function downloadvideo/streamvideo of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument filepath leads to path traversal. The attack can be...

6.9CVSS6.6AI score0.00776EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/07/20 12:0 a.m.5 views

MoneyPrinterTurbo 路径遍历漏洞

MoneyPrinterTurbo is a software by Harry's personal developer that generates short HD videos using AI macromodels. A path traversal vulnerability exists in MoneyPrinterTurbo 1.2.6 and earlier versions, which stems from path traversal due to incorrect operation of the function...

7.5CVSS6.3AI score0.00427EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/02/21 8:50 a.m.25 views

CVE-2022-4785 Download Video Sidebar Widgets <= 6.1 - Contributor+ Stored XSS via Shortcode

The Video Sidebar Widgets WordPress plugin through 6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.5AI score0.00471EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.3 views

WordPress Plugin Download Video Sidebar Widgets 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
NVD
NVD
added 2021/07/07 2:15 p.m.29 views

CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

9.8CVSS0.01684EPSS
Exploits0References1
Prion
Prion
added 2021/07/07 2:15 p.m.12 views

Directory traversal

Directory traversal in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter...

5CVSS7.5AI score0.01967EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/07/07 2:15 p.m.23 views

Server side request forgery (ssrf)

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

7.5CVSS9.3AI score0.01684EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/07/07 1:35 p.m.36 views

CVE-2020-24142

Server-side request forgery in the Video Downloader for TikTok aka downloader-tiktok plugin 1.3 for WordPress lets an attacker send crafted requests from the back-end server of a vulnerable web application via the njt-tk-download-video parameter. It can help identify open ports, local network hos...

9.5AI score0.01684EPSS
Exploits0References1
Prion
Prion
added 2014/09/09 1:55 a.m.11 views

Information disclosure

The AVD Download Video aka com.myboyfriendisageek.videocatcher.demo application 3.3.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS6.4AI score0.00271EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/09/09 1:0 a.m.19 views

CVE-2014-5666

The AVD Download Video aka com.myboyfriendisageek.videocatcher.demo application 3.3.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00271EPSS
Exploits0References3
CVE
CVE
added 2014/09/09 1:0 a.m.53 views

CVE-2014-5666

CVE-2014-5666 concerns the Android app “AVD Download Video” (com.myboyfriendisageek.videocatcher.demo), version 3.3.13. The vulnerability is that the app does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via...

5.4CVSS6AI score0.00271EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder