Lucene search
+L

10 matches found

cve
cve
added 2026/06/30 9:5 p.m.13 views

CVE-2026-58447

CVE-2026-58447 (Invidious) : A broken object-level authorization vulnerability affects Invidious up to version 2.20260626.0. An authenticated attacker can delete videos from other users’ playlists by supplying an arbitrary global video index to the remove_video endpoint, using per-video indices e...

7.1CVSS5.9AI score0.00225EPSS
Exploits0References4
nvd
nvd
added 2026/03/10 5:40 p.m.5 views

CVE-2026-30885

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

6.9CVSS0.00365EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/03/10 12:0 a.m.8 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 25.0 contained security vulnerabilities. These vulnerabilities stemmed from the /objects/playlistsFromUser.json.php endpoint, which returned playlists for all users without...

6.9CVSS5.8AI score0.00365EPSS
Exploits1References3
euvd
euvd
added 2026/03/09 10:35 p.m.5 views

EUVD-2026-10418

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

6.9CVSS5.8AI score0.00365EPSS
Exploits1References2
euvd
euvd
added 2026/03/09 10:35 p.m.7 views

EUVD-2026-10419

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

6.9CVSS5.8AI score0.00365EPSS
Exploits1References2
osv
osv
added 2026/03/09 10:35 p.m.8 views

CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

6.9CVSS5.9AI score0.00365EPSS
Exploits1References4
github
github
added 2026/03/07 2:25 a.m.7 views

AVideo has Unauthenticated IDOR - Playlist Information Disclosure

Product: AVideo https://github.com/WWBN/AVideo Version: Latest tested March 2026 Type: Insecure Direct Object Reference IDOR Auth Required: No User Interaction: None Summary The /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or...

6.9CVSS5.8AI score0.00365EPSS
Exploits1References4Affected Software1
snyk
snyk
added 2026/03/07 2:25 a.m.2 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via the playlistsFromUser.json.php. An attacker can access and enumerate sensitive playlist information belonging to any user by sending...

6.9CVSS5.9AI score0.00365EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/04/17 2:50 p.m.14 views

CVE-2025-32945

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request,...

4.3CVSS7AI score0.00284EPSS
Exploits1References1
hackerone
hackerone
added 2017/07/07 8:44 a.m.78 views

Pornhub: Private videos can be added to our playlists

The researcher discovered a way to add a user's private videos to a different user's playlist by way of a specially crafted request. Note that it is not possible to view another user's private video using this method IDOR/application logic flaw...

1.7AI score
Exploits0
Rows per page
Query Builder