Lucene search
+L

4 matches found

osv
osv
added 2026/05/11 8:34 p.m.3 views

CVE-2026-43877 WWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary Bytes

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the decoded bytes to videos/userPhoto/photo.png. Its only access control is User::isLogged. It does not...

5.4CVSS6AI score0.00121EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/04/21 7:55 p.m.5 views

CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without sanitizing the msg or callback fields. On the client side, plugin/YPTSocket/script.js contains two eval...

10CVSS5.9AI score0.00645EPSS
Exploits1References2
github
github
added 2026/03/31 11:57 p.m.19 views

OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing

Summary ACP-only provenance fields in chat.send were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Impact A normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2025/05/23 8:56 a.m.6 views

CVE-2024-29897

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with delete or suppressrevision on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. T...

4.9CVSS6.7AI score0.00708EPSS
Exploits0References1
Rows per page
Query Builder