wwbn

197 tracked vulnerabilities.

CVE-2026-33480 HIGH
AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy
Mar 23, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-33479 HIGH
AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin
Mar 23, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33478 CRITICAL NUCLEI
AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection
Mar 23, 2026
CVSS 10.0
EPSS 0.08
CVE-2026-33354 HIGH
AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`
Mar 23, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-33352 CRITICAL
AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
Mar 23, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-33351 CRITICAL
AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass
Mar 23, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-33297 CRITICAL
AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php
Mar 23, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-33319 MEDIUM
AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command
Mar 22, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-33296 MEDIUM
AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php
Mar 22, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33295 MEDIUM
AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php
Mar 22, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-33294 MEDIUM
AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources
Mar 22, 2026
CVSS 5.0
EPSS 0.00
CVE-2026-33293 HIGH
AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter
Mar 22, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33292 HIGH
AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos
Mar 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33238 MEDIUM
AVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem Enumeration
Mar 21, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-33237 MEDIUM
AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation
Mar 21, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-33043 HIGH
AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33041 MEDIUM
AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php
Mar 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33039 HIGH
AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
Mar 20, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-33038 HIGH
AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33037 HIGH
WWBN AVideo has predictable default admin credentials in official Docker deployment path
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33035 MEDIUM
Unauthenticated Reflected XSS via innerHTML in AVideo
Mar 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33025 HIGH
AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause
Mar 20, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33024 CRITICAL
AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator
Mar 20, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-30885 MEDIUM
WWBN AVideo <25.0 - Info Disclosure
Mar 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-29058 CRITICAL
AVideo < 7.0 - Unauthenticated OS Command Injection via base64Url GET Parameter
Mar 06, 2026
CVSS 9.8
EPSS 0.52
Products
avideo 195 AVideo 124 avideo-encoder 3 AVideo-Encoder 2
Quick Filters
Critical CVEs With Exploits In CISA KEV