Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization through the getapivideofile and getapivideo API endpoints in plugin/API/API.php. An attacker can retrieve direct playback URLs for...

CVE-2026-34369

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of password verification for the getapivideofile and getapivideo API endpoints, which...

EUVD-2025-203954

AVideo versions prior to 20.0 are vulnerable to an insecure direct object reference IDOR that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video...

EUVD-2012-6457

Malware in sbrugna...

Argument Injection

Overview Affected versions of this package are vulnerable to Argument Injection via the FFmpeg codec. An attacker in possession of a valid itemId can execute arbitrary code by injecting unsanitized parameters at the /Videos//stream or /Videos//stream. endpoints. Remediation Upgrade...

Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...

Unspecified Cross-Site Scripting Vulnerability in Polycom HDX Video End Points

Polycom HDX Video End Points video conferencing system. An unspecified cross-site scripting vulnerability exists in Polycom HDX Video End Points. The vulnerability can be exploited to execute arbitrary HTML and script code in the browsers of trusted users in the context of an affected site, steal...

Polycom HDX Video End Points XML External Entity Denial of Service Vulnerability

Polycom HDX Video End Points video conferencing system. A denial of service vulnerability exists in Polycom HDX Video End Points. An attacker could exploit this vulnerability to cause a denial of service condition...

Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prom...