wwbn
207 tracked vulnerabilities.
CVE-2026-33867
HIGH
AVideo has Plaintext Video Password Storage
Mar 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33770
CRITICAL
AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables
Mar 27, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-33767
HIGH
AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query
Mar 27, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-33766
MEDIUM
AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints
Mar 27, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33764
MEDIUM
AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions
Mar 27, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33763
MEDIUM
AVideo <=26.0 Video Password Oracle - Brute Force
Mar 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33761
MEDIUM
AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings
Mar 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33759
MEDIUM
AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents
Mar 27, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33723
HIGH
AVideo Vulnerable to SQL Injection in Subscribe Endpoint via Unsanitized user_id Parameter in subscribe.php
Mar 23, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-33719
HIGH
WWBN AVideo <= 26.0 - Unauthenticated CDN Configuration Modification via par Parameter
Mar 23, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-33717
HIGH
AVideo Vulnerable to Remote Code Execution via Persistent PHP Temp File in Encoder downloadURL with Resolution Validation Abort
Mar 23, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33716
CRITICAL
AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php
Mar 23, 2026
CVSS 9.4
EPSS 0.00
CVE-2026-33690
MEDIUM
WWBN AVideo <= 26.0 - IP Address Spoofing via HTTP Header Manipulation
Mar 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33688
MEDIUM
AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint
Mar 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33685
MEDIUM
AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data
Mar 23, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33683
MEDIUM
WWBN AVideo <= 26.0 - Stored Cross-Site Scripting via User Profile About Field
Mar 23, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-33681
HIGH
AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name
Mar 23, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-33651
HIGH
AVideo <=26.0 Live Schedule Reminder - Blind SQL Injection
Mar 23, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33650
HIGH
AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion
Mar 23, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-33649
HIGH
AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification
Mar 23, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33648
HIGH
WWBN AVideo <=26.0 - Command Injection
Mar 23, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-33647
HIGH
AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload
Mar 23, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-33513
HIGH
AVideo <=26.0 API locale - Unauthenticated Local File Inclusion
Mar 23, 2026
CVSS 8.6
EPSS 0.01
CVE-2026-33512
HIGH
WWBN AVideo <=26.0 - Info Disclosure
Mar 23, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33507
HIGH
AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload
Mar 23, 2026
CVSS 8.8
EPSS 0.00
Quick Filters