CVE-2026-30280
Summary
| CVE | CVE-2026-30280 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-31 20:16:26 UTC |
| Updated | 2026-04-01 16:23:49 UTC |
| Description | An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure. |
Risk And Classification
Primary CVSS: v3.1 5.3 MEDIUM from ADP
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS: 0.000170000 probability, percentile 0.040160000 (date 2026-04-01)
Problem Types: CWE-434 | n/a | CWE-434 CWE-434 Unrestricted Upload of File with Dangerous Type
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
NoneUser Interaction
RequiredScope
UnchangedConfidentiality
LowIntegrity
LowAvailability
LowCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| secsys.fudan.edu.cn | [email protected] | secsys.fudan.edu.cn | |
| rareprob-website.firebaseapp.com | [email protected] | rareprob-website.firebaseapp.com | |
| github.com/Secsys-FDU/AF_CVEs/issues/29 | [email protected] | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.