https://feed.craftedsignal.io/tags/cve-2026-33297/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 14:16:33 +0000https://feed.craftedsignal.io/briefs/2024-01-avideo-password-bypass/Mon, 23 Mar 2026 14:16:33 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-avideo-password-bypass/WWBN AVideo versions prior to 26.0 are vulnerable to a credential access vulnerability where passwords containing non-numeric characters are incorrectly processed, effectively setting the password to '0' and allowing trivial channel access bypass.WWBN AVideo is an open-source video platform. A critical vulnerability exists in versions prior to 26.0 within the CustomizeUser plugin. Specifically, the setPassword.json.php endpoint is susceptible to a logic error affecting channel password assignments. When an administrator attempts to set a channel password containing non-numeric characters for any user, the system incorrectly coerces the password to the integer zero before storing it. This effectively sets the channel password to ‘0’…

]]>criticaladvisorycve-2026-33297credential-accessweb-application