wwbn
197 tracked vulnerabilities.
CVE-2026-43885
HIGH
WWBN AVideo: Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization
May 11, 2026
EPSS 0.00
CVE-2026-43884
HIGH
WWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()
May 11, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-43883
MEDIUM
WWBN AVideo: IDOR in PayPalYPT agreementCancel.json.php Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements
May 11, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-43882
MEDIUM
WWBN AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event Spoofing
May 11, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-43881
MEDIUM
WWBN AVideo <= 29.0 - Unauthenticated User Enumeration
May 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43880
MEDIUM
WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address
May 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-43879
MEDIUM
WWBN AVideo: Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect Bypass
May 11, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-43878
MEDIUM
WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal
May 11, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-43877
MEDIUM
WWBN AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary Bytes
May 11, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-43876
MEDIUM
WWBN AVideo: HTML Injection in notifySubscribers.json.php Enables Platform-Branded Phishing Emails to Channel Subscribers
May 11, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-43875
MEDIUM
WWBN AVideo: Password Hash Leaked in MobileManager OAuth Redirect URL Enables Account Takeover
May 11, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-43873
HIGH
WWBN AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php` Enables Cross-Site DB Dump of the Configured Clone Server
May 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-43874
HIGH
WWBN AVideo: Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass
May 11, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-41304
HIGH
WWBN AVideo vulnerable to RCE caused by clonesite plugin
Apr 22, 2026
EPSS 0.01
CVE-2026-41064
CRITICAL
AVideo has an incomplete fix for CVE-2026-33502 (Command Injection)
Apr 22, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-41063
MEDIUM
WWBN AVideo ParsedownSafeWithLinks - Cross-Site Scripting
Apr 21, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-41062
MEDIUM
WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters
Apr 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-41061
MEDIUM
WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver
Apr 21, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-41060
HIGH
AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL
Apr 21, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-41058
HIGH
AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo
Apr 21, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41057
HIGH
AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses
Apr 21, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-41056
HIGH
AVideos has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover
Apr 21, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-41055
HIGH
WWBN AVideo LiveLinks Proxy - Server-Side Request Forgery
Apr 21, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-40935
MEDIUM
WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure
Apr 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40929
MEDIUM
WWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators
Apr 21, 2026
CVSS 5.4
EPSS 0.00