Lucene search

6 matches found

RedhatCVE
added 2026/02/25 4:16 p.m. · 3 views

CVE-2026-27732

WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...

CVSS 8.6 · AI score 5.7 · EPSS 0.00235
Exploits 0 · References 1
CVE
added 2026/02/24 2:56 p.m. · 27 views

CVE-2026-27732

WWBN AVideo contains an SSRF vulnerability in the aVideoEncoder.json.php endpoint prior to version 22.0. The endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list, enabling authenticated users to trigger requests to arb...

CVSS 8.6 · AI score 5.7 · EPSS 0.00235
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2026/02/24 2:56 p.m. · 20 views

CVE-2026-27732 AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php

WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests ...

CVSS 8.6 · EPSS 0.00235
Exploits 0 · References 3
Positive Technologies
added 2026/02/24 12:0 a.m. · 7 views

PT-2026-21762

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 22.0 Description: AVideo is an open source video platform. The aVideoEncoder.json.php API endpoint accepts a downloadURL parameter and fetches the referenced resource server-side without proper validation or an...

CVSS 8.6 · AI score 5.5 · EPSS 0.00235
Exploits 0 · References 10
EUVD
added 2025/10/03 8:7 p.m. · 10 views

EUVD-2025-19617

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.5 · EPSS 0.00408
Exploits 1 · References 1
Positive Technologies
added 2025/07/01 12:0 a.m. · 5 views

PT-2025-27531 · Zrlog · Zrlog

Name of the Vulnerable Software and Affected Versions: zrlog version 3.1.5 Description: A Server-Side Request Forgery (SSRF) issue was discovered in zrlog via the downloadUrl parameter. This allows for potential unauthorized access to internal resources. Recommendations: For zrlog version 3.1.5, as...

CVSS 9.8 · AI score 6.5 · EPSS 0.00408
Exploits 1 · References 8