3 matches found
CVE-2025-34433
AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...
CVE-2025-34433
AVideo 14.3.1–20.0.x isaffected by an unauthenticated RCE due to insecure salt generation: installation salt is created with PHP uniqid(), and the installation timestamp plus a derived hashId are exposed publicly, enabling offline brute-forcing of the remaining entropy to recover the salt. Attack...
EUVD-2024-2004
Malicious code in bioql PyPI...