CVE-2026-45619EPSS p3.3%

CVE-2026-45619CVE-2026-45619

wwbn / avideo

Description

WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS pinning via CURLOPT_RESOLVE, opening DNS-rebinding TOCTOU.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS0.14% probability of exploitation · percentile 3.3% · 2026-06-18T12:00:27Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-41064
CVE
CVE-2026-33480
CVE
CVE-2026-33719
CVE
CVE-2026-33039
CVE
CVE-2026-41056
CVE
CVE-2026-33716
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.