Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.8 HIGH
CVE-2026-4554 — Tenda F453 WriteFacMac FormWriteFacMac privilege escalation

A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in comman…

f453_firmware f453 | Remote | Injection
Mar 22, 2026 Apr 03, 2026
7.5 HIGH
CVE-2026-33319 — AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shel…

WWBN AVideo is an open source video platform. Prior to version 26.0, the `uploadVideoToLinkedIn()` method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an up…

avideo | Remote | Injection
Mar 22, 2026 Mar 24, 2026
6.1 MEDIUM
CVE-2026-33296 — AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open redirect vulnerability in the login flow where a user-supplied redirectUri parameter is reflected dir…

avideo | Remote | Misconfiguration
Mar 22, 2026 Mar 24, 2026
8.2 HIGH
CVE-2026-33295 — AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The `clean_title`…

avideo | Remote | Cross-Site Scripting
Mar 22, 2026 Mar 24, 2026
5.0 MEDIUM
CVE-2026-33294 — AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resourc…

WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.json.php`) fetches user-supplied thumbnail URLs via `url_get_contents…

avideo | Remote | Server-Side Request Forgery
Mar 22, 2026 Mar 24, 2026
8.1 HIGH
CVE-2026-33293 — AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Par…

WWBN AVideo is an open source video platform. Prior to version 26.0, the `deleteDump` parameter in `plugin/CloneSite/cloneServer.json.php` is passed directly to `unlink()` without any path sanitizati…

avideo | Remote | Path Traversal
Mar 22, 2026 Mar 24, 2026
7.5 HIGH
CVE-2026-33292 — AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Priva…

WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint (`view/hls.php`) is vulnerable to a path traversal attack that allows an unauthenticated attacker to st…

avideo | Remote | Path Traversal
Mar 22, 2026 Mar 23, 2026