{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T02:19:16.833","vulnerabilities":[{"cve":{"id":"CVE-2026-33690","sourceIdentifier":"security-advisories@github.com","published":"2026-03-23T19:16:42.173","lastModified":"2026-03-25T15:06:07.927","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `getRealIpAddr()` function in `objects/functions.php` trusts user-controlled HTTP headers to determine the client's IP address. An attacker can spoof their IP address by sending forged headers, bypassing any IP-based access controls or audit logging. Commit 1a1df6a9377e5cc67d1d0ac8ef571f7abbffbc6c contains a patch."},{"lang":"es","value":"WWBN AVideo es una plataforma de vídeo de código abierto. En versiones hasta la 26.0 inclusive, la función 'getRealIpAddr()' en 'objects/functions.php' confía en los encabezados HTTP controlados por el usuario para determinar la dirección IP del cliente. Un atacante puede falsificar su dirección IP enviando encabezados falsificados, eludiendo cualquier control de acceso basado en IP o registro de auditoría. El commit 1a1df6a9377e5cc67d1d0ac8ef571f7abbffbc6c contiene un parche."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-348"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*","versionEndIncluding":"26.0","matchCriteriaId":"774C24F1-9D26-484F-B931-1DA107C8F588"}]}]}],"references":[{"url":"https://github.com/WWBN/AVideo/commit/1a1df6a9377e5cc67d1d0ac8ef571f7abbffbc6c","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/WWBN/AVideo/security/advisories/GHSA-8p2x-5cpm-qrqw","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}