exploitDog

CVE-2025-34441

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 7.5

EPSS Средний

Описание

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*

Версия до 20.0 (исключая)

EPSS

Процентиль: 97%

0.40739

Средний

7.5 High

CVSS3

Дефекты

CWE-359

Связанные уязвимости

GHSA-9rpf-6v9q-87h5

CVSS3: 7.5

github

около 2 месяцев назад

AVideo versions prior to 20.0 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations.

EPSS

Процентиль: 97%

0.40739

Средний

7.5 High

CVSS3

Дефекты

CWE-359