CVE-2026-46337EPSS p30.6%

CVE-2026-46337CVE-2026-46337

wwbn / avideo

Description

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded thumbnails, encrypted-video poster frames, and image content under sibling-app directories reachable via .. traversal. The endpoint requires no authentication.

Scoring

CVSS 5.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS0.39% probability of exploitation · percentile 30.6% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-33502
CVE
CVE-2026-33649
CVE
CVE-2026-33493
CVE
CVE-2026-45731
CVE
CVE-2026-33717
CVE
CVE-2026-27732
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.