2 matches found
CVE-2026-34731
WWBN AVideo (open source video platform) vulnerability in the Live plugin: in versions 26.0 and earlier, the on_publish_done.php RTMP callback endpoint allows unauthenticated termination of any active live stream. An attacker can enumerate active stream keys via the unauthenticated stats.json.php...
PT-2026-29361
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on publish done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but...