CVE ID :CVE-2026-56345 Published : June 20, 2026, 6:27 p.m. | 42 minutes ago Description :AVideo through 29.0 contains an authorization bypass vulnerability in the Meet plugin's uploadRecordedVideo.json.php endpoint that derives the target users_id from the uploaded filename without...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-56345 - AVideo - Arbitrary User Session Hijacking via Meet Plugin uploadRecordedVideo Endpoint

VERWANDTEARTIKEL

CVE-2026-56340 - vLLM - Denial of Service via Unvalidated Multimodal Embeddings

CVE-2026-56341 - AVideo - Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php

CVE-2026-5366 - Git Argument Injection in prefecthq/prefect

CVE-2024-58351 - Flowise - Remote Code Execution via overrideConfig Parameter

CVE-2022-50972 - WooCommerce 7.1.0 Remote Code Execution via class-wc-meta-box-product-images.php

CVE-2020-37255 - WordPress Time Capsule Plugin 1.21.16 Authentication Bypass