Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.6 views

CVE-2026-39369

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

7.6CVSS5.8AI score0.00412EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/08 12:8 a.m.7 views

WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

Summary objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storage path. The vulnerable GIF branch could be abused to read local...

7.6CVSS5.9AI score0.00412EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/08 12:8 a.m.9 views

GHSA-F4F9-627C-JH33 WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

Summary objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storage path. The vulnerable GIF branch could be abused to read local...

7.6CVSS5.8AI score0.00718EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/08 12:8 a.m.4 views

EUVD-2026-19883

WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs...

7.6CVSS5.9AI score0.00412EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 12:8 a.m.5 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the downloadURLgifimage parameter in the GIF poster upload process. An attacker can access and disclose arbitrary server-local files by...

7.6CVSS6.3AI score0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 7:24 p.m.3 views

CVE-2026-39369 WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

7.6CVSS5.8AI score0.00412EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:24 p.m.3 views

CVE-2026-39369

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

7.6CVSS5.8AI score0.00412EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/07 7:24 p.m.13 views

CVE-2026-39369

WWBN AVideo (versions 26.0 and earlier) contains a vulnerability in objects/aVideoEncoderReceiveImage.json.php that allows an authenticated uploader to fetch attacker-controlled same-origin /videos/ URLs and bypass traversal scrubbing. This can expose server-local files (e.g., /etc/passwd or appl...

7.6CVSS5.8AI score0.00412EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 7:24 p.m.26 views

CVE-2026-39369 WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

7.6CVSS0.00412EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.3 views

PT-2026-30988

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

7.6CVSS5.8AI score0.00412EPSS
Exploits0References4
Rows per page
Query Builder