CVE-2026-33764 AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads AI response objects using an attacker-controlled $REQUEST'id' parameter without validating that the AI response belongs to the specified video. An authenticated user wi...

Temporal Unlearnable Examples: Preventing Personal Video Data from Unauthorized Exploitation by Object Tracking

With the rise of social media, vast amounts of user-uploaded videos e.g., YouTube are utilized as training data for Visual Object Tracking VOT. However, the VOT community has largely overlooked video data-privacy issues, as many private videos have been collected and used for training commercial...

CVE-2022-22643

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so...

HBO sued for sharing subscriber data with Facebook

HBO Max subscribers Angel McDaniel and Constance Simon filed a class-action lawsuit against HBO on Tuesday, alleging that the company has violated their privacy by sharing subscriber viewing data with Facebook. Bursor & Fisher filed the case on behalf of McDaniel and Simon. According to case...

CVE-2018-12592

Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting when the user has explicitly chosen to turn off the video using a specific option. During those seconds, a meeting invitee may unknowingly be on camera with other participants able t...