Search

Find a vulnerability

Search criteria

    6 vulnerabilities by welovemedia

    CVE-2026-5254 (GCVE-0-2026-5254)

    Vulnerability from nvd – Published: 2026-04-01 04:15 – Updated: 2026-04-01 11:46
    VLAI
    Title
    welovemedia FFmate Webhook AppJsonTreeView.vue cross site scripting
    Summary
    A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component Webhook Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    welovemedia FFmate Affected: 2.0.0
    Affected: 2.0.1
    Affected: 2.0.2
    Affected: 2.0.3
    Affected: 2.0.4
    Affected: 2.0.5
    Affected: 2.0.6
    Affected: 2.0.7
    Affected: 2.0.8
    Affected: 2.0.9
    Affected: 2.0.10
    Affected: 2.0.11
    Affected: 2.0.12
    Affected: 2.0.13
    Affected: 2.0.14
    Affected: 2.0.15
    Create a notification for this product.
    Credits
    VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5254",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T11:43:19.114846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T11:46:56.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Webhook Handler"
              ],
              "product": "FFmate",
              "vendor": "welovemedia",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.6"
                },
                {
                  "status": "affected",
                  "version": "2.0.7"
                },
                {
                  "status": "affected",
                  "version": "2.0.8"
                },
                {
                  "status": "affected",
                  "version": "2.0.9"
                },
                {
                  "status": "affected",
                  "version": "2.0.10"
                },
                {
                  "status": "affected",
                  "version": "2.0.11"
                },
                {
                  "status": "affected",
                  "version": "2.0.12"
                },
                {
                  "status": "affected",
                  "version": "2.0.13"
                },
                {
                  "status": "affected",
                  "version": "2.0.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.15"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component Webhook Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T04:15:13.335Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-354444 | welovemedia FFmate Webhook AppJsonTreeView.vue cross site scripting",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/354444"
            },
            {
              "name": "VDB-354444 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/354444/cti"
            },
            {
              "name": "Submit #780615 | welovemedia FFmate \u003c= v2.0.15 Cross Site Scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/780615"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-31T18:20:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "welovemedia FFmate Webhook AppJsonTreeView.vue cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-5254",
        "datePublished": "2026-04-01T04:15:13.335Z",
        "dateReserved": "2026-03-31T16:15:53.686Z",
        "dateUpdated": "2026-04-01T11:46:56.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3682 (GCVE-0-2026-3682)

    Vulnerability from nvd – Published: 2026-03-07 23:32 – Updated: 2026-03-11 16:27
    VLAI
    Title
    welovemedia FFmate ffmpeg.go Execute argument injection
    Summary
    A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349584 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349584 signaturepermissions-required
    https://vuldb.com/?submit.765587 third-party-advisory
    https://github.com/CC-T-454455/Vulnerabilities/tr… exploit
    Impacted products
    Vendor Product Version
    welovemedia FFmate Affected: 2.0.0
    Affected: 2.0.1
    Affected: 2.0.2
    Affected: 2.0.3
    Affected: 2.0.4
    Affected: 2.0.5
    Affected: 2.0.6
    Affected: 2.0.7
    Affected: 2.0.8
    Affected: 2.0.9
    Affected: 2.0.10
    Affected: 2.0.11
    Affected: 2.0.12
    Affected: 2.0.13
    Affected: 2.0.14
    Affected: 2.0.15
    Create a notification for this product.
    Credits
    VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3682",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T16:22:47.952508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T16:27:45.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFmate",
              "vendor": "welovemedia",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.6"
                },
                {
                  "status": "affected",
                  "version": "2.0.7"
                },
                {
                  "status": "affected",
                  "version": "2.0.8"
                },
                {
                  "status": "affected",
                  "version": "2.0.9"
                },
                {
                  "status": "affected",
                  "version": "2.0.10"
                },
                {
                  "status": "affected",
                  "version": "2.0.11"
                },
                {
                  "status": "affected",
                  "version": "2.0.12"
                },
                {
                  "status": "affected",
                  "version": "2.0.13"
                },
                {
                  "status": "affected",
                  "version": "2.0.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.15"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-07T23:32:07.875Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349584 | welovemedia FFmate ffmpeg.go Execute argument injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349584"
            },
            {
              "name": "VDB-349584 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349584"
            },
            {
              "name": "Submit #765587 | welovemedia FFmate \u003c= v2.0.15 Argument Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.765587"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-3"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-06T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-06T22:34:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "welovemedia FFmate ffmpeg.go Execute argument injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3682",
        "datePublished": "2026-03-07T23:32:07.875Z",
        "dateReserved": "2026-03-06T21:29:32.815Z",
        "dateUpdated": "2026-03-11T16:27:45.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3681 (GCVE-0-2026-3681)

    Vulnerability from nvd – Published: 2026-03-07 23:02 – Updated: 2026-03-11 16:27
    VLAI
    Title
    welovemedia FFmate webhook.go fireWebhook server-side request forgery
    Summary
    A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349583 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349583 signaturepermissions-required
    https://vuldb.com/?submit.765558 third-party-advisory
    https://github.com/CC-T-454455/Vulnerabilities/tr… exploit
    Impacted products
    Vendor Product Version
    welovemedia FFmate Affected: 2.0.0
    Affected: 2.0.1
    Affected: 2.0.2
    Affected: 2.0.3
    Affected: 2.0.4
    Affected: 2.0.5
    Affected: 2.0.6
    Affected: 2.0.7
    Affected: 2.0.8
    Affected: 2.0.9
    Affected: 2.0.10
    Affected: 2.0.11
    Affected: 2.0.12
    Affected: 2.0.13
    Affected: 2.0.14
    Affected: 2.0.15
    Create a notification for this product.
    Credits
    VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3681",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T16:22:51.215620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T16:27:51.191Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFmate",
              "vendor": "welovemedia",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.6"
                },
                {
                  "status": "affected",
                  "version": "2.0.7"
                },
                {
                  "status": "affected",
                  "version": "2.0.8"
                },
                {
                  "status": "affected",
                  "version": "2.0.9"
                },
                {
                  "status": "affected",
                  "version": "2.0.10"
                },
                {
                  "status": "affected",
                  "version": "2.0.11"
                },
                {
                  "status": "affected",
                  "version": "2.0.12"
                },
                {
                  "status": "affected",
                  "version": "2.0.13"
                },
                {
                  "status": "affected",
                  "version": "2.0.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.15"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-07T23:02:12.183Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349583 | welovemedia FFmate webhook.go fireWebhook server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349583"
            },
            {
              "name": "VDB-349583 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349583"
            },
            {
              "name": "Submit #765558 | welovemedia FFmate \u003c= v2.0.15 Server-Side Request Forgery",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.765558"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-06T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-06T22:34:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "welovemedia FFmate webhook.go fireWebhook server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3681",
        "datePublished": "2026-03-07T23:02:12.183Z",
        "dateReserved": "2026-03-06T21:29:27.732Z",
        "dateUpdated": "2026-03-11T16:27:51.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-5254 (GCVE-0-2026-5254)

    Vulnerability from cvelistv5 – Published: 2026-04-01 04:15 – Updated: 2026-04-01 11:46
    VLAI
    Title
    welovemedia FFmate Webhook AppJsonTreeView.vue cross site scripting
    Summary
    A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component Webhook Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    welovemedia FFmate Affected: 2.0.0
    Affected: 2.0.1
    Affected: 2.0.2
    Affected: 2.0.3
    Affected: 2.0.4
    Affected: 2.0.5
    Affected: 2.0.6
    Affected: 2.0.7
    Affected: 2.0.8
    Affected: 2.0.9
    Affected: 2.0.10
    Affected: 2.0.11
    Affected: 2.0.12
    Affected: 2.0.13
    Affected: 2.0.14
    Affected: 2.0.15
    Create a notification for this product.
    Credits
    VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-5254",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-01T11:43:19.114846Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-01T11:46:56.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Webhook Handler"
              ],
              "product": "FFmate",
              "vendor": "welovemedia",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.6"
                },
                {
                  "status": "affected",
                  "version": "2.0.7"
                },
                {
                  "status": "affected",
                  "version": "2.0.8"
                },
                {
                  "status": "affected",
                  "version": "2.0.9"
                },
                {
                  "status": "affected",
                  "version": "2.0.10"
                },
                {
                  "status": "affected",
                  "version": "2.0.11"
                },
                {
                  "status": "affected",
                  "version": "2.0.12"
                },
                {
                  "status": "affected",
                  "version": "2.0.13"
                },
                {
                  "status": "affected",
                  "version": "2.0.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.15"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component Webhook Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-01T04:15:13.335Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-354444 | welovemedia FFmate Webhook AppJsonTreeView.vue cross site scripting",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/354444"
            },
            {
              "name": "VDB-354444 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/354444/cti"
            },
            {
              "name": "Submit #780615 | welovemedia FFmate \u003c= v2.0.15 Cross Site Scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/780615"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-31T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-31T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-31T18:20:58.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "welovemedia FFmate Webhook AppJsonTreeView.vue cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-5254",
        "datePublished": "2026-04-01T04:15:13.335Z",
        "dateReserved": "2026-03-31T16:15:53.686Z",
        "dateUpdated": "2026-04-01T11:46:56.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3682 (GCVE-0-2026-3682)

    Vulnerability from cvelistv5 – Published: 2026-03-07 23:32 – Updated: 2026-03-11 16:27
    VLAI
    Title
    welovemedia FFmate ffmpeg.go Execute argument injection
    Summary
    A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349584 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349584 signaturepermissions-required
    https://vuldb.com/?submit.765587 third-party-advisory
    https://github.com/CC-T-454455/Vulnerabilities/tr… exploit
    Impacted products
    Vendor Product Version
    welovemedia FFmate Affected: 2.0.0
    Affected: 2.0.1
    Affected: 2.0.2
    Affected: 2.0.3
    Affected: 2.0.4
    Affected: 2.0.5
    Affected: 2.0.6
    Affected: 2.0.7
    Affected: 2.0.8
    Affected: 2.0.9
    Affected: 2.0.10
    Affected: 2.0.11
    Affected: 2.0.12
    Affected: 2.0.13
    Affected: 2.0.14
    Affected: 2.0.15
    Create a notification for this product.
    Credits
    VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3682",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T16:22:47.952508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T16:27:45.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFmate",
              "vendor": "welovemedia",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.6"
                },
                {
                  "status": "affected",
                  "version": "2.0.7"
                },
                {
                  "status": "affected",
                  "version": "2.0.8"
                },
                {
                  "status": "affected",
                  "version": "2.0.9"
                },
                {
                  "status": "affected",
                  "version": "2.0.10"
                },
                {
                  "status": "affected",
                  "version": "2.0.11"
                },
                {
                  "status": "affected",
                  "version": "2.0.12"
                },
                {
                  "status": "affected",
                  "version": "2.0.13"
                },
                {
                  "status": "affected",
                  "version": "2.0.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.15"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-88",
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-07T23:32:07.875Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349584 | welovemedia FFmate ffmpeg.go Execute argument injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349584"
            },
            {
              "name": "VDB-349584 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349584"
            },
            {
              "name": "Submit #765587 | welovemedia FFmate \u003c= v2.0.15 Argument Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.765587"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-3"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-06T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-06T22:34:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "welovemedia FFmate ffmpeg.go Execute argument injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3682",
        "datePublished": "2026-03-07T23:32:07.875Z",
        "dateReserved": "2026-03-06T21:29:32.815Z",
        "dateUpdated": "2026-03-11T16:27:45.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3681 (GCVE-0-2026-3681)

    Vulnerability from cvelistv5 – Published: 2026-03-07 23:02 – Updated: 2026-03-11 16:27
    VLAI
    Title
    welovemedia FFmate webhook.go fireWebhook server-side request forgery
    Summary
    A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.349583 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.349583 signaturepermissions-required
    https://vuldb.com/?submit.765558 third-party-advisory
    https://github.com/CC-T-454455/Vulnerabilities/tr… exploit
    Impacted products
    Vendor Product Version
    welovemedia FFmate Affected: 2.0.0
    Affected: 2.0.1
    Affected: 2.0.2
    Affected: 2.0.3
    Affected: 2.0.4
    Affected: 2.0.5
    Affected: 2.0.6
    Affected: 2.0.7
    Affected: 2.0.8
    Affected: 2.0.9
    Affected: 2.0.10
    Affected: 2.0.11
    Affected: 2.0.12
    Affected: 2.0.13
    Affected: 2.0.14
    Affected: 2.0.15
    Create a notification for this product.
    Credits
    VulDB
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3681",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-11T16:22:51.215620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-11T16:27:51.191Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "FFmate",
              "vendor": "welovemedia",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0.0"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.2"
                },
                {
                  "status": "affected",
                  "version": "2.0.3"
                },
                {
                  "status": "affected",
                  "version": "2.0.4"
                },
                {
                  "status": "affected",
                  "version": "2.0.5"
                },
                {
                  "status": "affected",
                  "version": "2.0.6"
                },
                {
                  "status": "affected",
                  "version": "2.0.7"
                },
                {
                  "status": "affected",
                  "version": "2.0.8"
                },
                {
                  "status": "affected",
                  "version": "2.0.9"
                },
                {
                  "status": "affected",
                  "version": "2.0.10"
                },
                {
                  "status": "affected",
                  "version": "2.0.11"
                },
                {
                  "status": "affected",
                  "version": "2.0.12"
                },
                {
                  "status": "affected",
                  "version": "2.0.13"
                },
                {
                  "status": "affected",
                  "version": "2.0.14"
                },
                {
                  "status": "affected",
                  "version": "2.0.15"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-07T23:02:12.183Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-349583 | welovemedia FFmate webhook.go fireWebhook server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.349583"
            },
            {
              "name": "VDB-349583 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.349583"
            },
            {
              "name": "Submit #765558 | welovemedia FFmate \u003c= v2.0.15 Server-Side Request Forgery",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.765558"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-1"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-03-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-03-06T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-03-06T22:34:37.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "welovemedia FFmate webhook.go fireWebhook server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-3681",
        "datePublished": "2026-03-07T23:02:12.183Z",
        "dateReserved": "2026-03-06T21:29:27.732Z",
        "dateUpdated": "2026-03-11T16:27:51.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }