CVE-2026-33493 AVideo has a Path Traversal in import.json.php that Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...

CVE-2026-33493 AVideo has a Path Traversal in import.json.php that Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...

Google Chrome multiple vulnerabilities - Dec10 (Linux)

The host is running Google Chrome and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbgooglechromemultvulndec10lin01.nasl 5306 2017-02-16 09:00:16Z teissa $ Google Chrome multiple vulnerabilities - Dec10 Linux Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networ...

Google Chrome < 8.0.552.215 Multiple Vulnerabilities

Binary data 800959.prm...

Google Chrome < 8.0.552.215 Multiple Vulnerabilities

Binary data 5719.pasl...

Google Chrome < 8.0.552.215 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 8.0.552.215. Such versions are reportedly affected by multiple vulnerabilities : - It may be possible to bypass the pop-up blocker. Issue 17655 - A cross-origin video theft vulnerability exists related to canvas. Issue 5574...