8 matches found
CVE-2026-33759
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/playlistsVideos.json.php endpoint returns the full video contents of any playlist by ID without any authentication or authorization check. Private playlists including watchlater and favorite types are...
CVE-2026-33759 AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/playlistsVideos.json.php endpoint returns the full video contents of any playlist by ID without any authentication or authorization check. Private playlists including watchlater and favorite types are...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication or authorization checks for the objects/playlistsVideos.json.php...
WWBN AVideo Security Vulnerability
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 25.0 contained security vulnerabilities. These vulnerabilities stemmed from the /objects/playlistsFromUser.json.php endpoint, which returned playlists for all users without...
CVE-2026-30885
WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...
EUVD-2026-10419
WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...
EUVD-2026-10418
WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...
CVE-2020-37173
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the...