5 matches found
CVE-2026-33867 AVideo has Plaintext Video Password Storage
WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to th...
CVE-2026-33867 AVideo has Plaintext Video Password Storage
WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to th...
CVE-2026-33867
Summary of the CVE and details from connected sources : The vulnerability CVE-2026-33867 affects WWBN AVideo (and Red Hat, NVD, OSV, etc. references) in versions up to and including 26.0, where video passwords are stored in plaintext in the database without hashing or encryption. If an attacker c...
GHSA-363V-5RH8-23WG AVideo has Plaintext Video Password Storage
Summary AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext — no hashing, salting, or encryption is applied. If an attacker gains read access to the database via SQL injection, a database backup, or misconfigured access...
PT-2026-28533
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description The get api video password is correct API endpoint allows any unauthenticated user to verify whether a given password is correct for any password-protected video. The endpoint returns a...