wwbn

197 tracked vulnerabilities.

CVE-2026-40928 MEDIUM
AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion
Apr 21, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-40926 HIGH
WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script)
Apr 21, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-40925 HIGH
WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials
Apr 21, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-40911 CRITICAL
WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks
Apr 21, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-40909 HIGH
WWBN AVideo <= 29.0 - Path Traversal Remote Code Execution
Apr 21, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-40908 MEDIUM
WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version
Apr 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-40907 MEDIUM
WWBN AVideo has IDOR in Live Restreams list.json.php that Exposes Other Users' Stream Keys and OAuth Tokens
Apr 21, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-39370 HIGH
WWBN AVideo <= 26.0 - Server-Side Request Forgery Response Exfiltration
Apr 07, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-39369 HIGH
WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs
Apr 07, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-39368 MEDIUM
WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services
Apr 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-39367 MEDIUM
WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page
Apr 07, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-39366 MEDIUM
WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php
Apr 07, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35452 MEDIUM
WWBN AVideo has Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php
Apr 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-35450 MEDIUM
WWBN AVideo has Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php
Apr 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-35449 MEDIUM
WWBN AVideo has Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php
Apr 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-35448 LOW
WWBN AVideo Provides Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php
Apr 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-35181 MEDIUM
WWBN AVideo Affected by CSRF on Player Skin Configuration via admin/playerUpdate.json.php
Apr 06, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-35180 MEDIUM
WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write
Apr 06, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-35179 MEDIUM
WWBN AVideo Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php
Apr 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34740 MEDIUM
AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation
Mar 31, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34739 MEDIUM
AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php
Mar 31, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-34738 MEDIUM
AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter
Mar 31, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-34737 MEDIUM
AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug
Mar 31, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34733 MEDIUM
AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
Mar 31, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-34732 MEDIUM
AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints
Mar 31, 2026
CVSS 5.3
EPSS 0.00
Products
avideo 195 AVideo 124 avideo-encoder 3 AVideo-Encoder 2
Quick Filters
Critical CVEs With Exploits In CISA KEV