cve.li

Recent

CVE-2026-33650CWE-863

AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

Published 2026-03-23 by GitHub_M

CVE-2026-33649CWE-352

AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification

Published 2026-03-23 by GitHub_M

CVE-2026-33648CWE-78

AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path

Published 2026-03-23 by GitHub_M

CVE-2026-33647CWE-434

AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

Published 2026-03-23 by GitHub_M

CVE-2026-33513CWE-22CWE-98

AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP)

Published 2026-03-23 by GitHub_M

CVE-2026-33512CWE-287CWE-312CWE-326CWE-327

AVideo has an unauthenticated decrypt oracle leaking any ciphertext

Published 2026-03-23 by GitHub_M

CVE-2025-15605CWE-321

Hardcoded Cryptographic Key in Configuration Encryption Mechanism on TP-Link Archer NX200, NX210, NX500 and NX600

Published 2026-03-23 by TPLink

CVE-2025-15519CWE-78

Command Injection in Modem Management CLI on TP-Link Archer NX200, NX210, NX500 and NX600

Published 2026-03-23 by TPLink

CVE-2025-15518CWE-78

Command Injection in Wireless Control CLI on TP-Link Archer NX200, NX210, NX500 and NX600

Published 2026-03-23 by TPLink

CVE-2025-15517CWE-306

Authorization Bypass in HTTP Server Endpoints on TP-Link Archer NX200, NX210, NX500 and NX600

Published 2026-03-23 by TPLink

Load more ↓