10 matches found
EUVD-2026-40415
Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...
CVE-2026-58447 Invidious - Cross-User Playlist Video Deletion via Missing Ownership Check
Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...
CVE-2026-58447
CVE-2026-58447 (Invidious): A broken object-level authorization vulnerability affects Invidious up to version 2.20260626.0. An authenticated attacker can delete videos from other users’ playlists by supplying an arbitrary global video index to the remove_video endpoint, using per-video indices e...
PT-2026-53996
Name of the Vulnerable Software and Affected Versions: Invidious versions prior to 2.20260626.0 Description: An issue exists where authenticated attackers can delete videos from playlists belonging to other users. This occurs because the system fails to validate ownership when a request is made to...
CVE-2024-11354
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delytsingvid function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...
PT-2024-16929 · WordPress · The Ultimate Youtube Video & Shorts Player With Vimeo
Name of the Vulnerable Software and Affected Versions: The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress versions up to, and including, 3.3 Description: The issue is related to a missing capability check on the delytsingvid function, allowing authenticated attackers with...
CVE-2024-47828 Cross-Site Request Forgery in ampache
Ampache is a web-based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist, etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they a...
CVE-2024-47828 Cross-Site Request Forgery in ampache
Ampache is a web-based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects (Playlist, smartlist, etc.). Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they a...
CVE-2024-47828
CVE-2024-47828 affects the Ampache web-based audio/video streaming application and file manager. The connected sources describe a Cross-Site Request Forgery (CSRF) vulnerability that lets an attacker cause authenticated users to delete objects (such as playlists or smartlists) by submitting a mal...
Ampache Security Vulnerability
Ampache is an open source web-based audio/video application and file manager from Ampache. A security vulnerability exists in Ampache that stems from the ability to delete objects (playlists, smartlists, etc.) via a cross-site request forgery attack...