CVE-2026-30885 in AVideoinfo

Zusammenfassung

von MITRE • 10.03.2026

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playlist names, video IDs, and playlist status for any user on the platform. This vulnerability is fixed in 25.0.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

06.03.2026

Veröffentlichung

10.03.2026

Moderieren

akzeptiert

Eintrag

VDB-349900

CPE

bereit

CWE

CWE-306 (bestätigt)

CVSS

5.3 (NVD)

EPSS

0.00118

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-30885
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-30885
CVE Details	https://www.cvedetails.com/cve/CVE-2026-30885/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!