Lucene search
K

10 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-40415

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-58447 Invidious - Cross-User Playlist Video Deletion via Missing Ownership Check

Invidious through 2.20260626.0, fixed in commit 77ad416, contains a broken object level authorization vulnerability that allows authenticated attackers to delete videos from other users' playlists by supplying an arbitrary global video index in the removevideo action of the playlist endpoint...

7.1CVSS0.00225EPSS
Exploits0References4
CVE
CVE
added 5 days ago8 views

CVE-2026-58447

CVE-2026-58447 (Invidious) : A broken object-level authorization vulnerability affects Invidious up to version 2.20260626.0. An authenticated attacker can delete videos from other users’ playlists by supplying an arbitrary global video index to the remove_video endpoint, using per-video indices e...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 5 days ago4 views

PT-2026-53996

Name of the Vulnerable Software and Affected Versions Invidious versions prior to 2.20260626.0 Description An issue exists where authenticated attackers can delete videos from playlists belonging to other users. This occurs because the system fails to validate ownership when a request is made to...

7.1CVSS6AI score0.00225EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 7:51 a.m.13 views

CVE-2024-11354

The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delytsingvid function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with...

4.3CVSS6.4AI score0.0054EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.6 views

PT-2024-16929 · WordPress · The Ultimate Youtube Video & Shorts Player With Vimeo

Name of the Vulnerable Software and Affected Versions: The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress versions up to, and including, 3.3 Description: The issue is related to a missing capability check on the del ytsingvid function, allowing authenticated attackers with...

4.3CVSS9.3AI score0.0054EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/10/09 6:35 p.m.7 views

CVE-2024-47828 Cross-Site Request Forgery in ampache

ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects Playlist, smartlist etc.. Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they a...

5.3CVSS7AI score0.00288EPSS
Exploits1References1
OSV
OSV
added 2024/10/09 6:35 p.m.8 views

CVE-2024-47828 Cross-Site Request Forgery in ampache

ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects Playlist, smartlist etc.. Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they a...

5.3CVSS6.5AI score0.00288EPSS
Exploits1References3
CVE
CVE
added 2024/10/09 6:35 p.m.49 views

CVE-2024-47828

CVE-2024-47828 affects the Ampache web-based audio/video streaming application and file manager. The connected sources describe a Cross-Site Request Forgery (CSRF) vulnerability that lets an attacker cause authenticated users to delete objects (such as playlists or smartlists) by submitting a mal...

6.5CVSS5.5AI score0.00288EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/10/09 12:0 a.m.4 views

Ampache 安全漏洞

Ampache is an open source web-based audio/video application and file manager from Ampache. A security vulnerability exists in Ampache that stems from the ability to delete objects playlists, smartlists, etc. via a cross-site request forgery attack...

6.5CVSS6.5AI score0.00288EPSS
Exploits1References2
Rows per page
Query Builder