{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T05:54:01.599","vulnerabilities":[{"cve":{"id":"CVE-2026-33512","sourceIdentifier":"security-advisories@github.com","published":"2026-03-23T19:16:40.420","lastModified":"2026-03-25T17:51:40.870","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a `decryptString` action without any authentication. Anyone can submit ciphertext and receive plaintext. Ciphertext is issued publicly (e.g., `view/url2Embed.json.php`), so any user can recover protected tokens/metadata. Commit 3fdeecef37bb88967a02ccc9b9acc8da95de1c13 contains a patch."},{"lang":"es","value":"WWBN AVideo es una plataforma de video de código abierto. En versiones hasta la 26.0 inclusive, el plugin de la API expone una acción 'decryptString' sin autenticación alguna. Cualquiera puede enviar texto cifrado y recibir texto plano. El texto cifrado se emite públicamente (por ejemplo, 'view/url2Embed.json.php'), por lo que cualquier usuario puede recuperar tokens/metadatos protegidos. El commit 3fdeecef37bb88967a02ccc9b9acc8da95de1c13 contiene un parche."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-312"},{"lang":"en","value":"CWE-326"},{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*","versionEndIncluding":"26.0","matchCriteriaId":"774C24F1-9D26-484F-B931-1DA107C8F588"}]}]}],"references":[{"url":"https://github.com/WWBN/AVideo/commit/3fdeecef37bb88967a02ccc9b9acc8da95de1c13","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-mwjc-5j4x-r686","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}