{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33512/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-33512","avideo","improper-authentication","api-vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eWWBN AVideo is an open-source video platform. Versions up to and including 26.0 are vulnerable to an improper authentication issue within the API plugin. The \u003ccode\u003edecryptString\u003c/code\u003e action, intended for internal decryption processes, is exposed without any authentication requirements. Attackers can exploit this vulnerability to submit ciphertext, which is publicly accessible through endpoints like \u003ccode\u003eview/url2Embed.json.php\u003c/code\u003e, and receive the corresponding plaintext. Successful exploitation allows…\u003c/p\u003e\n","date_modified":"2026-03-24T12:00:00Z","date_published":"2026-03-24T12:00:00Z","id":"/briefs/2026-03-avideo-decryptstring/","summary":"WWBN AVideo, up to version 26.0, contains an improper authentication vulnerability (CVE-2026-33512) in the API plugin's `decryptString` action, allowing unauthenticated users to decrypt publicly accessible ciphertext and potentially recover protected tokens/metadata.","title":"WWBN AVideo Unauthenticated decryptString Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-avideo-decryptstring/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33512","version":"https://jsonfeed.org/version/1.1"}