WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732)

The fix for CVE-2026-27732 is incomplete. objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then fetches the response and stores it ...

CVE-2026-39370

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-controlled downloadURL values with common media or archive extensions such as .mp4, .mp3, .zip, .jpg, .png, .gif, and .webm to bypass SSRF validation. The server then...

EUVD-2021-15143

Malware in sbrugna...

EUVD-2021-30158

Malicious code in bioql PyPI...

Microsoft Web Media Extensions (Windows SMB Login)

SMB login-based detection of Microsoft Web Media Extensions. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Web Media Extensions RCE Vulnerability (Oct 2024)

Microsoft Web Media Extensions is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

SUSE CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

CVE-2021-43214

Web Media Extensions Remote Code Execution Vulnerability...

CVE-2021-43214

Web Media Extensions Remote Code Execution Vulnerability...

Remote code execution

Web Media Extensions Remote Code Execution Vulnerability...

CVE-2021-43214 Web Media Extensions Remote Code Execution Vulnerability

...

Microsoft Windows Codecs Library 代码注入漏洞

The Web Media Extensions package extends Microsoft Edge and Windows 10 to support open source formats commonly found on the Web.A remote code execution vulnerability exists in Microsoft Web Media Extensions. An attacker could exploit this vulnerability to execute code on the target host...

Mozilla Firefox Security Advisory (MFSA2016-77) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

The vulnerability of Web Media Extensions, related to improper code generation management, allows a hacker to execute arbitrary code.

The vulnerability of the Web Media Extensions extension package is related to incorrect code generation management. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2021-28465

Web Media Extensions Remote Code Execution Vulnerability...

Remote code execution

Web Media Extensions Remote Code Execution Vulnerability...

CVE-2021-28465 Web Media Extensions Remote Code Execution Vulnerability

...

CVE-2021-28465

CVE-2021-28465 affects Microsoft Windows Web Media Extensions (Web Media Extensions library). The vulnerability is a remote code execution in the Web Media Extensions component, with root cause described in public advisories as a buffer/codec-related issue enabling arbitrary code execution when p...

CVE-2021-28465 Web Media Extensions Remote Code Execution Vulnerability

...