{"api_version":"1","generated_at":"2026-04-23T07:48:27+00:00","cve":"CVE-2026-30280","urls":{"html":"https://cve.report/CVE-2026-30280","api":"https://cve.report/api/cve/CVE-2026-30280.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-30280","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-30280"},"summary":{"title":"CVE-2026-30280","description":"An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.","state":"PUBLISHED","assigner":"mitre","published_at":"2026-03-31 20:16:26","updated_at":"2026-04-02 20:44:44"},"problem_types":["CWE-434","n/a","CWE-434 CWE-434 Unrestricted Upload of File with Dangerous Type"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}}],"references":[{"url":"https://secsys.fudan.edu.cn/","name":"https://secsys.fudan.edu.cn/","refsource":"cve@mitre.org","tags":["Not Applicable"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://rareprob-website.firebaseapp.com/","name":"https://rareprob-website.firebaseapp.com/","refsource":"cve@mitre.org","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/Secsys-FDU/AF_CVEs/issues/29","name":"https://github.com/Secsys-FDU/AF_CVEs/issues/29","refsource":"cve@mitre.org","tags":["Exploit","Third Party Advisory","Issue Tracking"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-30280","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30280","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"30280","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rareprob","cpe5":"video_player","cpe6":"1.0.135","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"android","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"30280","cve":"CVE-2026-30280","epss":"0.000090000","percentile":"0.009690000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:39"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-30280","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-04-01T14:48:57.584448Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-01T14:49:03.226Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2026-03-31T18:55:46.929Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"url":"https://secsys.fudan.edu.cn/"},{"url":"https://rareprob-website.firebaseapp.com/"},{"url":"https://github.com/Secsys-FDU/AF_CVEs/issues/29"}]}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2026-30280","datePublished":"2026-03-31T00:00:00.000Z","dateReserved":"2026-03-04T00:00:00.000Z","dateUpdated":"2026-04-01T14:49:03.226Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-31 20:16:26","lastModifiedDate":"2026-04-02 20:44:44","problem_types":["CWE-434","n/a","CWE-434 CWE-434 Unrestricted Upload of File with Dangerous Type"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rareprob:video_player:1.0.135:*:*:*:*:android:*:*","matchCriteriaId":"A0CA20CD-4D19-4C08-9EDB-A6B44EC34705"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"30280","Ordinal":"1","Title":"CVE-2026-30280","CVE":"CVE-2026-30280","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"30280","Ordinal":"1","NoteData":"An arbitrary file overwrite vulnerability in RAREPROB SOLUTIONS PRIVATE LIMITED Video player Play All Videos v1.0.135 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.","Type":"Description","Title":"CVE-2026-30280"}]}}}