CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

RedhatCVE•added 2026/04/07 11:1 p.m.•3 views

CVE-2026-35180

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00027EPSS

Exploits1References1

NVD•added 2026/04/06 8:16 p.m.•3 views

CVE-2026-35180

4.3CVSS0.00027EPSS

Exploits1References1

CVE•added 2026/04/06 7:6 p.m.•7 views

CVE-2026-35180

WWBN AVideo (versions 26.0 and prior) is affected by CVE-2026-35180 due to a CSRF vulnerability in the site customization endpoint (admin/customize_settings_nativeUpdate.json.php) that lacks CSRF validation and writes uploaded logo files to disk before ORM domain checks. Combined with SameSite=No...

4.3CVSS5.8AI score0.00027EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/04/06 7:6 p.m.•1 views

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

4.3CVSS5.8AI score0.00027EPSS

Exploits1References1

Cvelist•added 2026/04/06 7:6 p.m.•16 views

CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write

4.3CVSS0.00027EPSS

Exploits1References1

EUVD•added 2026/04/06 7:6 p.m.•1 views

EUVD-2026-19454

4.3CVSS5.8AI score0.00027EPSS

Exploits1References1

ATTACKERKB•added 2026/04/06 7:6 p.m.•3 views

CVE-2026-35180

4.3CVSS5.8AI score0.00027EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/04/06 12:0 a.m.•2 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token verification for custom site endpoints, which could allow...

4.3CVSS5.7AI score0.00027EPSS

Exploits1References2

Positive Technologies•added 2026/04/06 12:0 a.m.•1 views

PT-2026-30713

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize settings nativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00027EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by