Signal
Two vulnerabilities disclosed in AVideo including session hijacking and password hash oracle
Two security vulnerabilities have been disclosed in AVideo, a video platform. The first is a high severity session hijacking issue caused by unauthenticated session ID disclosure combined with permissive CORS settings (CVE-2026-33043).
github
cveexploitssecurity_advisoriesincident_response
Evidence locked
Today's free sample is only available for the edition's flagship signal.
Evidence preview
- GitHub Security Advisoriesgithub.com
- AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.phpgithub_advisories