2 matches found
CVE-2026-59704
Cap’s GET /api/video/ai endpoint lacks proper ownership/membership validation, exposing private video AI metadata (titles, summaries, chapters) and enabling authenticated attackers to solicit arbitrary video IDs to read sensitive content. This may also trigger unauthorized AI generation that depl...
CVE-2022-25817
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent...