87 matches found
CVE-2026-41056
WWBN AVideo is an open source video platform. In versions 29.0 and below, the allowOrigin($allowAll=true) function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both...
CVE-2026-41056
WWBN AVideo (versions 29.0 and below) is affected by a cross-origin vulnerability where allowOrigin($allowAll=true) reflects arbitrary Origin headers in Access-Control-Allow-Origin together with Access-Control-Allow-Credentials: true. The reflection occurs in objects/functions.php and is invoked ...
EUVD-2026-24531
WWBN AVideo is an open source video platform. In versions 29.0 and below, the allowOrigin($allowAll=true) function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both...
PT-2026-34202
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 29.0 and earlier Description: The allowOrigin($allowAll=true) function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This...
GHSA-CCQ9-R5CW-5HWQ WWBN AVideo has CORS Origin Reflection with Credentials on Sensitive API Endpoints Enables Cross-Origin Account Takeover
Summary: The allowOrigin($allowAll=true) function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both plugin/API/get.json.php and plugin/API/set.json.php — the primary API...
Livestream Replay: The War Machine
A panel of WIRED experts dissected the defense tech industry’s impact on modern warfare...
CVE-2025-23164
A misconfigured access token mechanism in the Unifi Protect Application Version 5.3.41 and earlier could permit the recipient of a "Share Livestream" link to maintain access to the corresponding livestream subsequent to such link becoming disabled...
EUVD-2014-4467
Malware in sbrugna...
EUVD-2019-2775
Malware in sbrugna...
EUVD-2025-27705
Malicious code in bioql PyPI...
EUVD-2023-31357
Malicious code in bioql PyPI...
CVE-2025-6528
A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to...
70mai M300 Authorization Issue Vulnerability
70mai M300 is a smart recorder from 70mai, a Chinese company. An authorization issue vulnerability exists in 70mai M300 20250611 and prior versions, which stems from improper authentication due to incorrect operation of file /livestream/12...
CVE-2025-23164
CVE-2025-23164 affects UniFi Protect Application (versions 5.3.41 and earlier). A misconfigured access token mechanism in the Share Livestream feature can let the recipient of a Share Livestream link maintain access to the livestream after the link is disabled, constituting an authorization bypas...
PT-2025-20553 · Ubiquiti · Unifi Protect Application
Name of the Vulnerable Software and Affected Versions: Unifi Protect Application versions 5.3.41 and earlier Description: The issue is related to a misconfigured access token mechanism in the Share Livestream feature of the Unifi Protect Application. This could allow an unauthorized user to...
Exposing the Facebook funeral livestream scam (Lock and Code S05E21)
This week on the Lock and Code podcast … Online scammers were seen this August stooping to a new low: abusing local funerals to steal from bereaved family and friends. Cybercrime has never been a job of morals (calling it a "job" is already lending it too much credit), but, for many years, scams...