{"url":"http://public2.vulnerablecode.io/api/packages/39484?format=json","purl":"pkg:composer/wwbn/avideo@21.0.0","type":"composer","namespace":"wwbn","name":"avideo","version":"21.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73939?format=json","vulnerability_id":"VCID-5cpq-6d2b-xkdv","summary":"WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached service on host port 11211 (0.0.0.0:11211) with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data — enabling session hijacking, admin impersonation, and mass session destruction without any application-level authentication. This issue has been patched in version 24.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29093","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14094","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.14096","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13974","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29093"},{"reference_url":"https://github.com/WWBN/AVideo/releases/tag/24.0","reference_id":"24.0","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T15:58:30Z/"}],"url":"https://github.com/WWBN/AVideo/releases/tag/24.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29093","reference_id":"CVE-2026-29093","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29093"},{"reference_url":"https://github.com/advisories/GHSA-xxpw-32hf-q8v9","reference_id":"GHSA-xxpw-32hf-q8v9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxpw-32hf-q8v9"},{"reference_url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xxpw-32hf-q8v9","reference_id":"GHSA-xxpw-32hf-q8v9","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T15:58:30Z/"}],"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-xxpw-32hf-q8v9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/951675?format=json","purl":"pkg:composer/wwbn/avideo@22.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxg-fdaa-tygg"},{"vulnerability":"VCID-1mmh-vt31-kbbb"},{"vulnerability":"VCID-1qcx-tqcr-kbhy"},{"vulnerability":"VCID-1sx8-5eer-97aq"},{"vulnerability":"VCID-1uab-dgtz-hqcm"},{"vulnerability":"VCID-1ubr-3dt8-p3e4"},{"vulnerability":"VCID-24w8-qw1k-m3ev"},{"vulnerability":"VCID-2a5z-m2yv-13au"},{"vulnerability":"VCID-2ny7-udfn-qqdw"},{"vulnerability":"VCID-2qn5-shar-r7fb"},{"vulnerability":"VCID-3jdq-k9t3-ekc5"},{"vulnerability":"VCID-44jq-pmnk-q7e3"},{"vulnerability":"VCID-48c5-cxqf-7yar"},{"vulnerability":"VCID-4a4v-b69w-xbdt"},{"vulnerability":"VCID-4ag1-ypp7-3ygs"},{"vulnerability":"VCID-4sua-ynnm-3qhm"},{"vulnerability":"VCID-4y4j-99kg-eybw"},{"vulnerability":"VCID-4zu3-f1vr-kygk"},{"vulnerability":"VCID-6t1w-33wc-r7gu"},{"vulnerability":"VCID-72qa-csxh-5ubs"},{"vulnerability":"VCID-77m3-thwg-pkex"},{"vulnerability":"VCID-7an2-kvub-wbdc"},{"vulnerability":"VCID-7kkx-jynh-q3cd"},{"vulnerability":"VCID-83j9-2b59-nff2"},{"vulnerability":"VCID-88hg-8udu-ebd4"},{"vulnerability":"VCID-8b22-g4th-cba2"},{"vulnerability":"VCID-8gf9-8z1j-hbcn"},{"vulnerability":"VCID-8y3y-7nys-63cb"},{"vulnerability":"VCID-8y9d-2wpy-pqfj"},{"vulnerability":"VCID-8z3w-xyuw-eydt"},{"vulnerability":"VCID-8zdd-12d9-mkdt"},{"vulnerability":"VCID-926w-fk1u-vfct"},{"vulnerability":"VCID-92s2-qetk-bucr"},{"vulnerability":"VCID-9kxm-dc2y-63dm"},{"vulnerability":"VCID-a5a6-qmzf-gbcz"},{"vulnerability":"VCID-abdr-zm3m-pfa2"},{"vulnerability":"VCID-az4q-s63g-d7ds"},{"vulnerability":"VCID-azqu-ezb2-pyd8"},{"vulnerability":"VCID-bcrg-a29u-cqdt"},{"vulnerability":"VCID-bu5v-zyym-j7gh"},{"vulnerability":"VCID-bz89-e7ng-tbaa"},{"vulnerability":"VCID-c654-1erv-h7c8"},{"vulnerability":"VCID-c8uz-mfg4-5qhc"},{"vulnerability":"VCID-cafa-py93-5yea"},{"vulnerability":"VCID-cea3-yyc7-duef"},{"vulnerability":"VCID-ck51-5j7d-27bx"},{"vulnerability":"VCID-cmsu-gm2f-xbdc"},{"vulnerability":"VCID-cps6-m7k1-73ac"},{"vulnerability":"VCID-cxqg-yhat-8ff3"},{"vulnerability":"VCID-d3ad-s4dr-nydz"},{"vulnerability":"VCID-dgq8-x6f4-1khy"},{"vulnerability":"VCID-dsjq-6q73-73bm"},{"vulnerability":"VCID-du2m-rmty-wkgs"},{"vulnerability":"VCID-e6ub-tmcu-vqcn"},{"vulnerability":"VCID-e8x6-xu14-uuaf"},{"vulnerability":"VCID-ejz4-zxyp-4qbf"},{"vulnerability":"VCID-em2c-wz4r-effx"},{"vulnerability":"VCID-enrr-p3bb-5qgs"},{"vulnerability":"VCID-f6db-4ua5-uqcx"},{"vulnerability":"VCID-fkgn-tmte-nqa3"},{"vulnerability":"VCID-g3j5-kv46-9ydx"},{"vulnerability":"VCID-g4k9-hsbh-g7f9"},{"vulnerability":"VCID-g4r8-kvwz-jyct"},{"vulnerability":"VCID-gdvd-yzgn-efgk"},{"vulnerability":"VCID-gzsg-72e2-q3gv"},{"vulnerability":"VCID-hh4v-wfju-ayc6"},{"vulnerability":"VCID-j1dv-68kj-1qb9"},{"vulnerability":"VCID-j4js-8jyt-pbec"},{"vulnerability":"VCID-jbba-q6ga-g3hs"},{"vulnerability":"VCID-jbkf-m3xe-tqa2"},{"vulnerability":"VCID-js47-rw1w-eudm"},{"vulnerability":"VCID-k42k-auyh-4yce"},{"vulnerability":"VCID-kbk6-xmz6-gkhk"},{"vulnerability":"VCID-kmas-k2bp-5ybw"},{"vulnerability":"VCID-kpmf-anhv-rybp"},{"vulnerability":"VCID-m31s-e72s-pkgm"},{"vulnerability":"VCID-m7r7-sda9-17et"},{"vulnerability":"VCID-mez8-49wu-cyee"},{"vulnerability":"VCID-mgwj-kzz5-6fbb"},{"vulnerability":"VCID-mkq2-6efr-p3gs"},{"vulnerability":"VCID-mrzq-ssp8-xbba"},{"vulnerability":"VCID-nmhb-cp3q-wqd3"},{"vulnerability":"VCID-nmts-t2t9-v7dx"},{"vulnerability":"VCID-p1nt-1p6r-bqd7"},{"vulnerability":"VCID-pam6-fens-pya2"},{"vulnerability":"VCID-ppsd-gq8m-nqde"},{"vulnerability":"VCID-qpnv-m8hy-hkcv"},{"vulnerability":"VCID-qxzn-79e5-akgq"},{"vulnerability":"VCID-rrtd-fcbr-zbcj"},{"vulnerability":"VCID-s29b-sb6b-3bbe"},{"vulnerability":"VCID-sh26-67hw-rbhp"},{"vulnerability":"VCID-sh8g-92zt-17gp"},{"vulnerability":"VCID-sq4d-x8fk-4ugy"},{"vulnerability":"VCID-sqyg-vnng-yqab"},{"vulnerability":"VCID-teva-kx8a-ffdk"},{"vulnerability":"VCID-tjkb-bmeg-67dc"},{"vulnerability":"VCID-tk1p-zzv1-h3en"},{"vulnerability":"VCID-tm48-ttzz-fbd3"},{"vulnerability":"VCID-ttqk-knnt-gyfd"},{"vulnerability":"VCID-u589-8g4c-nud2"},{"vulnerability":"VCID-ueb9-bcsn-dkep"},{"vulnerability":"VCID-va5e-y5cp-nbhc"},{"vulnerability":"VCID-vhea-b7uf-7ye6"},{"vulnerability":"VCID-vrg4-4g58-8fg8"},{"vulnerability":"VCID-vs1z-e52e-xugy"},{"vulnerability":"VCID-vs6z-zgcf-ffb7"},{"vulnerability":"VCID-w4ky-scpt-mkf4"},{"vulnerability":"VCID-w7pj-efhx-r3d3"},{"vulnerability":"VCID-wfuc-qz2z-wbh9"},{"vulnerability":"VCID-wt13-k7hv-9be6"},{"vulnerability":"VCID-wybg-a5q1-hkgv"},{"vulnerability":"VCID-wysq-vy3r-qkbw"},{"vulnerability":"VCID-x79z-g8re-vyey"},{"vulnerability":"VCID-xhs6-cfzj-w7c6"},{"vulnerability":"VCID-y7g3-dk1p-s3aq"},{"vulnerability":"VCID-ybae-jsp4-3qhz"},{"vulnerability":"VCID-yhc1-d5ug-y3b2"},{"vulnerability":"VCID-ywr4-5ybx-b3d4"},{"vulnerability":"VCID-yyf4-tsdh-wfdn"},{"vulnerability":"VCID-z8t4-ckvj-83dh"},{"vulnerability":"VCID-z9ga-c78y-v3bq"},{"vulnerability":"VCID-zau7-46nj-zkdz"},{"vulnerability":"VCID-zu5x-18yv-bbb2"},{"vulnerability":"VCID-zxzw-et7f-ybhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@22.0"}],"aliases":["CVE-2026-29093","GHSA-xxpw-32hf-q8v9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cpq-6d2b-xkdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79789?format=json","vulnerability_id":"VCID-6w9m-5apg-zfc1","summary":"WWBN AVideo is an open source video platform. Prior to version 22.0, the `aVideoEncoder.json.php` API endpoint accepts a `downloadURL` parameter and fetches the referenced resource server-side without proper validation or an allow-list. This allows authenticated users to trigger server-side requests to arbitrary URLs (including internal network endpoints). An authenticated attacker can leverage SSRF to interact with internal services and retrieve sensitive data (e.g., internal APIs, metadata services), potentially leading to further compromise depending on the deployment environment. This issue has been fixed in AVideo version 22.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27732","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13302","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13294","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13194","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27732"},{"reference_url":"https://github.com/WWBN/AVideo/releases/tag/22.0","reference_id":"22.0","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-27T20:49:30Z/"}],"url":"https://github.com/WWBN/AVideo/releases/tag/22.0"},{"reference_url":"https://github.com/WWBN/AVideo/commit/384ef2548093f4cbb1bfac00f1f429fe57fab853","reference_id":"384ef2548093f4cbb1bfac00f1f429fe57fab853","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-27T20:49:30Z/"}],"url":"https://github.com/WWBN/AVideo/commit/384ef2548093f4cbb1bfac00f1f429fe57fab853"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27732","reference_id":"CVE-2026-27732","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27732"},{"reference_url":"https://github.com/advisories/GHSA-h39h-7cvg-q7j6","reference_id":"GHSA-h39h-7cvg-q7j6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h39h-7cvg-q7j6"},{"reference_url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-h39h-7cvg-q7j6","reference_id":"GHSA-h39h-7cvg-q7j6","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-27T20:49:30Z/"}],"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-h39h-7cvg-q7j6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/951675?format=json","purl":"pkg:composer/wwbn/avideo@22.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxg-fdaa-tygg"},{"vulnerability":"VCID-1mmh-vt31-kbbb"},{"vulnerability":"VCID-1qcx-tqcr-kbhy"},{"vulnerability":"VCID-1sx8-5eer-97aq"},{"vulnerability":"VCID-1uab-dgtz-hqcm"},{"vulnerability":"VCID-1ubr-3dt8-p3e4"},{"vulnerability":"VCID-24w8-qw1k-m3ev"},{"vulnerability":"VCID-2a5z-m2yv-13au"},{"vulnerability":"VCID-2ny7-udfn-qqdw"},{"vulnerability":"VCID-2qn5-shar-r7fb"},{"vulnerability":"VCID-3jdq-k9t3-ekc5"},{"vulnerability":"VCID-44jq-pmnk-q7e3"},{"vulnerability":"VCID-48c5-cxqf-7yar"},{"vulnerability":"VCID-4a4v-b69w-xbdt"},{"vulnerability":"VCID-4ag1-ypp7-3ygs"},{"vulnerability":"VCID-4sua-ynnm-3qhm"},{"vulnerability":"VCID-4y4j-99kg-eybw"},{"vulnerability":"VCID-4zu3-f1vr-kygk"},{"vulnerability":"VCID-6t1w-33wc-r7gu"},{"vulnerability":"VCID-72qa-csxh-5ubs"},{"vulnerability":"VCID-77m3-thwg-pkex"},{"vulnerability":"VCID-7an2-kvub-wbdc"},{"vulnerability":"VCID-7kkx-jynh-q3cd"},{"vulnerability":"VCID-83j9-2b59-nff2"},{"vulnerability":"VCID-88hg-8udu-ebd4"},{"vulnerability":"VCID-8b22-g4th-cba2"},{"vulnerability":"VCID-8gf9-8z1j-hbcn"},{"vulnerability":"VCID-8y3y-7nys-63cb"},{"vulnerability":"VCID-8y9d-2wpy-pqfj"},{"vulnerability":"VCID-8z3w-xyuw-eydt"},{"vulnerability":"VCID-8zdd-12d9-mkdt"},{"vulnerability":"VCID-926w-fk1u-vfct"},{"vulnerability":"VCID-92s2-qetk-bucr"},{"vulnerability":"VCID-9kxm-dc2y-63dm"},{"vulnerability":"VCID-a5a6-qmzf-gbcz"},{"vulnerability":"VCID-abdr-zm3m-pfa2"},{"vulnerability":"VCID-az4q-s63g-d7ds"},{"vulnerability":"VCID-azqu-ezb2-pyd8"},{"vulnerability":"VCID-bcrg-a29u-cqdt"},{"vulnerability":"VCID-bu5v-zyym-j7gh"},{"vulnerability":"VCID-bz89-e7ng-tbaa"},{"vulnerability":"VCID-c654-1erv-h7c8"},{"vulnerability":"VCID-c8uz-mfg4-5qhc"},{"vulnerability":"VCID-cafa-py93-5yea"},{"vulnerability":"VCID-cea3-yyc7-duef"},{"vulnerability":"VCID-ck51-5j7d-27bx"},{"vulnerability":"VCID-cmsu-gm2f-xbdc"},{"vulnerability":"VCID-cps6-m7k1-73ac"},{"vulnerability":"VCID-cxqg-yhat-8ff3"},{"vulnerability":"VCID-d3ad-s4dr-nydz"},{"vulnerability":"VCID-dgq8-x6f4-1khy"},{"vulnerability":"VCID-dsjq-6q73-73bm"},{"vulnerability":"VCID-du2m-rmty-wkgs"},{"vulnerability":"VCID-e6ub-tmcu-vqcn"},{"vulnerability":"VCID-e8x6-xu14-uuaf"},{"vulnerability":"VCID-ejz4-zxyp-4qbf"},{"vulnerability":"VCID-em2c-wz4r-effx"},{"vulnerability":"VCID-enrr-p3bb-5qgs"},{"vulnerability":"VCID-f6db-4ua5-uqcx"},{"vulnerability":"VCID-fkgn-tmte-nqa3"},{"vulnerability":"VCID-g3j5-kv46-9ydx"},{"vulnerability":"VCID-g4k9-hsbh-g7f9"},{"vulnerability":"VCID-g4r8-kvwz-jyct"},{"vulnerability":"VCID-gdvd-yzgn-efgk"},{"vulnerability":"VCID-gzsg-72e2-q3gv"},{"vulnerability":"VCID-hh4v-wfju-ayc6"},{"vulnerability":"VCID-j1dv-68kj-1qb9"},{"vulnerability":"VCID-j4js-8jyt-pbec"},{"vulnerability":"VCID-jbba-q6ga-g3hs"},{"vulnerability":"VCID-jbkf-m3xe-tqa2"},{"vulnerability":"VCID-js47-rw1w-eudm"},{"vulnerability":"VCID-k42k-auyh-4yce"},{"vulnerability":"VCID-kbk6-xmz6-gkhk"},{"vulnerability":"VCID-kmas-k2bp-5ybw"},{"vulnerability":"VCID-kpmf-anhv-rybp"},{"vulnerability":"VCID-m31s-e72s-pkgm"},{"vulnerability":"VCID-m7r7-sda9-17et"},{"vulnerability":"VCID-mez8-49wu-cyee"},{"vulnerability":"VCID-mgwj-kzz5-6fbb"},{"vulnerability":"VCID-mkq2-6efr-p3gs"},{"vulnerability":"VCID-mrzq-ssp8-xbba"},{"vulnerability":"VCID-nmhb-cp3q-wqd3"},{"vulnerability":"VCID-nmts-t2t9-v7dx"},{"vulnerability":"VCID-p1nt-1p6r-bqd7"},{"vulnerability":"VCID-pam6-fens-pya2"},{"vulnerability":"VCID-ppsd-gq8m-nqde"},{"vulnerability":"VCID-qpnv-m8hy-hkcv"},{"vulnerability":"VCID-qxzn-79e5-akgq"},{"vulnerability":"VCID-rrtd-fcbr-zbcj"},{"vulnerability":"VCID-s29b-sb6b-3bbe"},{"vulnerability":"VCID-sh26-67hw-rbhp"},{"vulnerability":"VCID-sh8g-92zt-17gp"},{"vulnerability":"VCID-sq4d-x8fk-4ugy"},{"vulnerability":"VCID-sqyg-vnng-yqab"},{"vulnerability":"VCID-teva-kx8a-ffdk"},{"vulnerability":"VCID-tjkb-bmeg-67dc"},{"vulnerability":"VCID-tk1p-zzv1-h3en"},{"vulnerability":"VCID-tm48-ttzz-fbd3"},{"vulnerability":"VCID-ttqk-knnt-gyfd"},{"vulnerability":"VCID-u589-8g4c-nud2"},{"vulnerability":"VCID-ueb9-bcsn-dkep"},{"vulnerability":"VCID-va5e-y5cp-nbhc"},{"vulnerability":"VCID-vhea-b7uf-7ye6"},{"vulnerability":"VCID-vrg4-4g58-8fg8"},{"vulnerability":"VCID-vs1z-e52e-xugy"},{"vulnerability":"VCID-vs6z-zgcf-ffb7"},{"vulnerability":"VCID-w4ky-scpt-mkf4"},{"vulnerability":"VCID-w7pj-efhx-r3d3"},{"vulnerability":"VCID-wfuc-qz2z-wbh9"},{"vulnerability":"VCID-wt13-k7hv-9be6"},{"vulnerability":"VCID-wybg-a5q1-hkgv"},{"vulnerability":"VCID-wysq-vy3r-qkbw"},{"vulnerability":"VCID-x79z-g8re-vyey"},{"vulnerability":"VCID-xhs6-cfzj-w7c6"},{"vulnerability":"VCID-y7g3-dk1p-s3aq"},{"vulnerability":"VCID-ybae-jsp4-3qhz"},{"vulnerability":"VCID-yhc1-d5ug-y3b2"},{"vulnerability":"VCID-ywr4-5ybx-b3d4"},{"vulnerability":"VCID-yyf4-tsdh-wfdn"},{"vulnerability":"VCID-z8t4-ckvj-83dh"},{"vulnerability":"VCID-z9ga-c78y-v3bq"},{"vulnerability":"VCID-zau7-46nj-zkdz"},{"vulnerability":"VCID-zu5x-18yv-bbb2"},{"vulnerability":"VCID-zxzw-et7f-ybhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@22.0"}],"aliases":["CVE-2026-27732","GHSA-h39h-7cvg-q7j6"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6w9m-5apg-zfc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69543?format=json","vulnerability_id":"VCID-cr2c-g39n-kfe8","summary":"WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a JSON-formatted POST request body. Because JSON input is parsed and merged into $_REQUEST after global security checks are executed, the payload bypasses the existing sanitization mechanisms. This issue has been patched in version 24.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28501","reference_id":"","reference_type":"","scores":[{"value":"0.2583","scoring_system":"epss","scoring_elements":"0.96395","published_at":"2026-06-13T12:55:00Z"},{"value":"0.2583","scoring_system":"epss","scoring_elements":"0.96383","published_at":"2026-06-11T12:55:00Z"},{"value":"0.2583","scoring_system":"epss","scoring_elements":"0.96394","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28501"},{"reference_url":"https://github.com/WWBN/AVideo/commit/0c10be681c64044618ab94473251bd7c9b114fa1","reference_id":"0c10be681c64044618ab94473251bd7c9b114fa1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-06T16:01:32Z/"}],"url":"https://github.com/WWBN/AVideo/commit/0c10be681c64044618ab94473251bd7c9b114fa1"},{"reference_url":"https://github.com/WWBN/AVideo/releases/tag/24.0","reference_id":"24.0","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-06T16:01:32Z/"}],"url":"https://github.com/WWBN/AVideo/releases/tag/24.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28501","reference_id":"CVE-2026-28501","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28501"},{"reference_url":"https://github.com/advisories/GHSA-pv87-r9qf-x56p","reference_id":"GHSA-pv87-r9qf-x56p","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pv87-r9qf-x56p"},{"reference_url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-pv87-r9qf-x56p","reference_id":"GHSA-pv87-r9qf-x56p","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-06T16:01:32Z/"}],"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-pv87-r9qf-x56p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/951675?format=json","purl":"pkg:composer/wwbn/avideo@22.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gxg-fdaa-tygg"},{"vulnerability":"VCID-1mmh-vt31-kbbb"},{"vulnerability":"VCID-1qcx-tqcr-kbhy"},{"vulnerability":"VCID-1sx8-5eer-97aq"},{"vulnerability":"VCID-1uab-dgtz-hqcm"},{"vulnerability":"VCID-1ubr-3dt8-p3e4"},{"vulnerability":"VCID-24w8-qw1k-m3ev"},{"vulnerability":"VCID-2a5z-m2yv-13au"},{"vulnerability":"VCID-2ny7-udfn-qqdw"},{"vulnerability":"VCID-2qn5-shar-r7fb"},{"vulnerability":"VCID-3jdq-k9t3-ekc5"},{"vulnerability":"VCID-44jq-pmnk-q7e3"},{"vulnerability":"VCID-48c5-cxqf-7yar"},{"vulnerability":"VCID-4a4v-b69w-xbdt"},{"vulnerability":"VCID-4ag1-ypp7-3ygs"},{"vulnerability":"VCID-4sua-ynnm-3qhm"},{"vulnerability":"VCID-4y4j-99kg-eybw"},{"vulnerability":"VCID-4zu3-f1vr-kygk"},{"vulnerability":"VCID-6t1w-33wc-r7gu"},{"vulnerability":"VCID-72qa-csxh-5ubs"},{"vulnerability":"VCID-77m3-thwg-pkex"},{"vulnerability":"VCID-7an2-kvub-wbdc"},{"vulnerability":"VCID-7kkx-jynh-q3cd"},{"vulnerability":"VCID-83j9-2b59-nff2"},{"vulnerability":"VCID-88hg-8udu-ebd4"},{"vulnerability":"VCID-8b22-g4th-cba2"},{"vulnerability":"VCID-8gf9-8z1j-hbcn"},{"vulnerability":"VCID-8y3y-7nys-63cb"},{"vulnerability":"VCID-8y9d-2wpy-pqfj"},{"vulnerability":"VCID-8z3w-xyuw-eydt"},{"vulnerability":"VCID-8zdd-12d9-mkdt"},{"vulnerability":"VCID-926w-fk1u-vfct"},{"vulnerability":"VCID-92s2-qetk-bucr"},{"vulnerability":"VCID-9kxm-dc2y-63dm"},{"vulnerability":"VCID-a5a6-qmzf-gbcz"},{"vulnerability":"VCID-abdr-zm3m-pfa2"},{"vulnerability":"VCID-az4q-s63g-d7ds"},{"vulnerability":"VCID-azqu-ezb2-pyd8"},{"vulnerability":"VCID-bcrg-a29u-cqdt"},{"vulnerability":"VCID-bu5v-zyym-j7gh"},{"vulnerability":"VCID-bz89-e7ng-tbaa"},{"vulnerability":"VCID-c654-1erv-h7c8"},{"vulnerability":"VCID-c8uz-mfg4-5qhc"},{"vulnerability":"VCID-cafa-py93-5yea"},{"vulnerability":"VCID-cea3-yyc7-duef"},{"vulnerability":"VCID-ck51-5j7d-27bx"},{"vulnerability":"VCID-cmsu-gm2f-xbdc"},{"vulnerability":"VCID-cps6-m7k1-73ac"},{"vulnerability":"VCID-cxqg-yhat-8ff3"},{"vulnerability":"VCID-d3ad-s4dr-nydz"},{"vulnerability":"VCID-dgq8-x6f4-1khy"},{"vulnerability":"VCID-dsjq-6q73-73bm"},{"vulnerability":"VCID-du2m-rmty-wkgs"},{"vulnerability":"VCID-e6ub-tmcu-vqcn"},{"vulnerability":"VCID-e8x6-xu14-uuaf"},{"vulnerability":"VCID-ejz4-zxyp-4qbf"},{"vulnerability":"VCID-em2c-wz4r-effx"},{"vulnerability":"VCID-enrr-p3bb-5qgs"},{"vulnerability":"VCID-f6db-4ua5-uqcx"},{"vulnerability":"VCID-fkgn-tmte-nqa3"},{"vulnerability":"VCID-g3j5-kv46-9ydx"},{"vulnerability":"VCID-g4k9-hsbh-g7f9"},{"vulnerability":"VCID-g4r8-kvwz-jyct"},{"vulnerability":"VCID-gdvd-yzgn-efgk"},{"vulnerability":"VCID-gzsg-72e2-q3gv"},{"vulnerability":"VCID-hh4v-wfju-ayc6"},{"vulnerability":"VCID-j1dv-68kj-1qb9"},{"vulnerability":"VCID-j4js-8jyt-pbec"},{"vulnerability":"VCID-jbba-q6ga-g3hs"},{"vulnerability":"VCID-jbkf-m3xe-tqa2"},{"vulnerability":"VCID-js47-rw1w-eudm"},{"vulnerability":"VCID-k42k-auyh-4yce"},{"vulnerability":"VCID-kbk6-xmz6-gkhk"},{"vulnerability":"VCID-kmas-k2bp-5ybw"},{"vulnerability":"VCID-kpmf-anhv-rybp"},{"vulnerability":"VCID-m31s-e72s-pkgm"},{"vulnerability":"VCID-m7r7-sda9-17et"},{"vulnerability":"VCID-mez8-49wu-cyee"},{"vulnerability":"VCID-mgwj-kzz5-6fbb"},{"vulnerability":"VCID-mkq2-6efr-p3gs"},{"vulnerability":"VCID-mrzq-ssp8-xbba"},{"vulnerability":"VCID-nmhb-cp3q-wqd3"},{"vulnerability":"VCID-nmts-t2t9-v7dx"},{"vulnerability":"VCID-p1nt-1p6r-bqd7"},{"vulnerability":"VCID-pam6-fens-pya2"},{"vulnerability":"VCID-ppsd-gq8m-nqde"},{"vulnerability":"VCID-qpnv-m8hy-hkcv"},{"vulnerability":"VCID-qxzn-79e5-akgq"},{"vulnerability":"VCID-rrtd-fcbr-zbcj"},{"vulnerability":"VCID-s29b-sb6b-3bbe"},{"vulnerability":"VCID-sh26-67hw-rbhp"},{"vulnerability":"VCID-sh8g-92zt-17gp"},{"vulnerability":"VCID-sq4d-x8fk-4ugy"},{"vulnerability":"VCID-sqyg-vnng-yqab"},{"vulnerability":"VCID-teva-kx8a-ffdk"},{"vulnerability":"VCID-tjkb-bmeg-67dc"},{"vulnerability":"VCID-tk1p-zzv1-h3en"},{"vulnerability":"VCID-tm48-ttzz-fbd3"},{"vulnerability":"VCID-ttqk-knnt-gyfd"},{"vulnerability":"VCID-u589-8g4c-nud2"},{"vulnerability":"VCID-ueb9-bcsn-dkep"},{"vulnerability":"VCID-va5e-y5cp-nbhc"},{"vulnerability":"VCID-vhea-b7uf-7ye6"},{"vulnerability":"VCID-vrg4-4g58-8fg8"},{"vulnerability":"VCID-vs1z-e52e-xugy"},{"vulnerability":"VCID-vs6z-zgcf-ffb7"},{"vulnerability":"VCID-w4ky-scpt-mkf4"},{"vulnerability":"VCID-w7pj-efhx-r3d3"},{"vulnerability":"VCID-wfuc-qz2z-wbh9"},{"vulnerability":"VCID-wt13-k7hv-9be6"},{"vulnerability":"VCID-wybg-a5q1-hkgv"},{"vulnerability":"VCID-wysq-vy3r-qkbw"},{"vulnerability":"VCID-x79z-g8re-vyey"},{"vulnerability":"VCID-xhs6-cfzj-w7c6"},{"vulnerability":"VCID-y7g3-dk1p-s3aq"},{"vulnerability":"VCID-ybae-jsp4-3qhz"},{"vulnerability":"VCID-yhc1-d5ug-y3b2"},{"vulnerability":"VCID-ywr4-5ybx-b3d4"},{"vulnerability":"VCID-yyf4-tsdh-wfdn"},{"vulnerability":"VCID-z8t4-ckvj-83dh"},{"vulnerability":"VCID-z9ga-c78y-v3bq"},{"vulnerability":"VCID-zau7-46nj-zkdz"},{"vulnerability":"VCID-zu5x-18yv-bbb2"},{"vulnerability":"VCID-zxzw-et7f-ybhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@22.0"}],"aliases":["CVE-2026-28501","GHSA-pv87-r9qf-x56p"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr2c-g39n-kfe8"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/wwbn/avideo@21.0.0"}