CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

NVD•added 2026/03/23 3:16 p.m.•0 views

CVE-2026-33482

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails ...

8.1CVSS0.00106EPSS

Exploits1References2

Vulnrichment•added 2026/03/23 2:10 p.m.•1 views

CVE-2026-33482 AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()

8.1CVSS6.1AI score0.00106EPSS

Exploits1References2

CVE•added 2026/03/23 2:10 p.m.•3 views

CVE-2026-33482

CVE-2026-33482 affects WWBN AVideo prior to 26.1 (up to 26.0) where sanitizeFFmpegCommand() fails to remove $() (bash command substitution). Since the sanitized ffmpeg command is executed in a double-quoted sh -c context, an attacker able to supply a crafted encrypted payload can achieve arbitrar...

8.1CVSS6.1AI score0.00106EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/03/23 2:10 p.m.•2 views

CVE-2026-33482

8.1CVSS6.1AI score0.00106EPSS

Exploits1References3Affected Software1

Github Security Blog•added 2026/03/20 8:46 p.m.•4 views

AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()

Summary The sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails to strip $ bash command substitution syntax. Since the sanitized command is...

8.1CVSS6.1AI score0.00106EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/03/20 12:0 a.m.•3 views

PT-2026-26769

8.1CVSS6.1AI score0.00106EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by