CVE-2026-33292

Summary (CVE-2026-33292) : WWBN AVideo is vulnerable prior to 26.0 due to a path traversal split-oracle in the HLS endpoint view/hls.php. The GET parameter videoDirectory is processed in two code paths: an authorization path that truncates after the first slash, and a file-access path that preser...

PT-2026-26470

Summary The HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two divergent code paths — one for authorization which truncates at the...

Xiongmai XM530 安全漏洞

Xiongmai XM530 is a video surveillance camera from the Chinese company Xiongmai. A security vulnerability exists in the Xiongmai XM530 IP cameras firmware version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06, which stems from GetStreamUri exposing RTSP URIs containing hard-coded credentials, whi...

CVE-2025-30111

On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication...

What the Jetflicks and iStreamItAll Takedowns Mean for Piracy

In a sweeping indictment, the feds came down hard on two unauthorized streaming services that allegedly crossed a very important line...