CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

88 matches found

NVD•added 2026/04/21 11:16 p.m.•6 views

CVE-2026-41056

WWBN AVideo is an open source video platform. In versions 29.0 and below, the allowOrigin$allowAll=true function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both...

8.1CVSS0.00335EPSS

Exploits1References2

EUVD•added 2026/04/21 10:35 p.m.•6 views

EUVD-2026-24531

8.1CVSS5.9AI score0.00335EPSS

Exploits1References2

CVE•added 2026/04/21 10:35 p.m.•28 views

CVE-2026-41056

WWBN AVideo (versions 29.0 and below) is affected by a cross-origin vulnerability where allowOrigin($allowAll=true) reflects arbitrary Origin headers in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true. The reflection occurs in objects/functions.php and is invoked ...

8.1CVSS5.9AI score0.00335EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/04/21 10:35 p.m.•2 views

CVE-2026-41056

8.1CVSS5.9AI score0.00335EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/04/21 12:0 a.m.•4 views

PT-2026-34202

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description The allowOrigin$allowAll=true function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This...

8.1CVSS5.9AI score0.00335EPSS

Exploits1References5

OSV•added 2026/04/14 11:18 p.m.•9 views

GHSA-CCQ9-R5CW-5HWQ WWBN AVideo has CORS Origin Reflection with Credentials on Sensitive API Endpoints Enables Cross-Origin Account Takeover

Summary The allowOrigin$allowAll=true function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both plugin/API/get.json.php and plugin/API/set.json.php — the primary API...

8.1CVSS5.9AI score0.00335EPSS

Exploits1References4

Wired Threat Level•added 2026/03/18 10:30 a.m.•5 views

Livestream Replay: The War Machine

A panel of WIRED experts dissected the defense tech industry’s impact on modern warfare...

5.8AI score

Exploits0

RedhatCVE•added 2026/01/09 9:17 a.m.•11 views

CVE-2025-23164

A misconfigured access token mechanism in the Unifi Protect Application Version 5.3.41 and earlier could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled...

4.4CVSS6.8AI score0.00297EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2019-2775

Malware in sbrugna...

5.3CVSS6.6AI score0.03232EPSS

Exploits0References16

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2014-4467

Malware in sbrugna...

4.3CVSS6.4AI score0.01629EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2023-31357

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00379EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2025-27705

Malicious code in bioql PyPI...

4.4CVSS4.9AI score0.00297EPSS

Exploits0References1

OSV•added 2025/06/23 11:15 p.m.•2 views

CVE-2025-6528

A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to...

4.3CVSS4.5AI score0.00563EPSS

Exploits1References4

CNNVD•added 2025/06/23 12:0 a.m.•5 views

70mai M300 授权问题漏洞

70mai M300 is a smart recorder from 70mai 70mai, a Chinese company. An authorization issue vulnerability exists in 70mai M300 20250611 and prior versions, which stems from improper authentication due to incorrect operation of file /livestream/12...

5.3CVSS5AI score0.00563EPSS

Exploits1References5

NVD•added 2025/05/19 2:15 a.m.•13 views

CVE-2025-23164

4.4CVSS0.00297EPSS

Exploits0References1

Cvelist•added 2025/05/19 1:25 a.m.•14 views

CVE-2025-23164

4.4CVSS0.00297EPSS

Exploits0References1

Vulnrichment•added 2025/05/19 1:25 a.m.•6 views

CVE-2025-23164

4.4CVSS4.7AI score0.00297EPSS

Exploits0References1

CVE•added 2025/05/19 1:25 a.m.•38 views

CVE-2025-23164

CVE-2025-23164 affects UniFi Protect Application (versions 5.3.41 and earlier). A misconfigured access token mechanism in the Share Livestream feature can let the recipient of a Share Livestream link maintain access to the livestream after the link is disabled, constituting an authorization bypas...

4.4CVSS6.8AI score0.00297EPSS

Exploits0References1

BDU FSTEC•added 2025/05/16 12:0 a.m.•4 views

The vulnerability of the Share Livestream module in the UniFi Protect video surveillance system allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Share Livestream module in the UniFi Protect video surveillance system is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder, operating remotely, to gain unauthorized access to protected information...

4.9CVSS5.4AI score0.00297EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2025/05/06 12:0 a.m.•6 views

PT-2025-20553 · Ubiquiti · Unifi Protect Application

Name of the Vulnerable Software and Affected Versions: Unifi Protect Application versions 5.3.41 and earlier Description: The issue is related to a misconfigured access token mechanism in the Share Livestream feature of the Unifi Protect Application. This could allow an unauthorized user to...

4.9CVSS4.6AI score0.00297EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by