3 matches found
CVE-2026-59704
Cap’s GET /api/video/ai endpoint lacks proper ownership/membership validation, exposing private video AI metadata (titles, summaries, chapters) and enabling authenticated attackers to solicit arbitrary video IDs to read sensitive content. This may also trigger unauthorized AI generation that depl...
PT-2026-56279
Name of the Vulnerable Software and Affected Versions Cap affected versions not specified Description The 'GET /api/video/ai' endpoint fails to validate user ownership or membership. This allows authenticated attackers to provide arbitrary video IDs to access private AI metadata, such as titles,...
CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure
WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...