Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.6 views

CVE-2026-39369

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

7.6CVSS5.8AI score0.00412EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 12:8 a.m.4 views

EUVD-2026-19883

WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs...

7.6CVSS5.9AI score0.00412EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 7:24 p.m.26 views

CVE-2026-39369 WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

7.6CVSS0.00412EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.3 views

PT-2026-30988

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

7.6CVSS5.8AI score0.00412EPSS
Exploits0References4
Rows per page
Query Builder