wwbn

207 tracked vulnerabilities.

CVE-2026-33043 HIGH
AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33041 MEDIUM
AVideo <26.0 encryptPass.json.php - Password Hash Oracle
Mar 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33039 HIGH
AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
Mar 20, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-33038 HIGH
AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33037 HIGH
WWBN AVideo has predictable default admin credentials in official Docker deployment path
Mar 20, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-33035 MEDIUM
Unauthenticated Reflected XSS via innerHTML in AVideo
Mar 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33025 HIGH
AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause
Mar 20, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33024 CRITICAL
AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator
Mar 20, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-30885 MEDIUM
WWBN AVideo <25.0 - Info Disclosure
Mar 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-29058 CRITICAL
AVideo < 7.0 - Unauthenticated OS Command Injection via base64Url GET Parameter
Mar 06, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-29093 HIGH
WWBN AVideo <24.0 - Session Hijacking
Mar 06, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28502 HIGH
WWBN AVideo <24.0 - Authenticated RCE
Mar 06, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-28501 CRITICAL
WWBN AVideo < 24.0 - Unauthenticated SQL Injection via catName Parameter in JSON POST Request
Mar 06, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-27732 HIGH
WWBN AVideo < 22.0 - Authenticated Server-Side Request Forgery via aVideoEncoder.json.php DownloadURL Parameter
Feb 24, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-27568 MEDIUM
WWBN AVideo < 21.0 - Authenticated Stored Cross-Site Scripting via Markdown Link Injection
Feb 24, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-34442 HIGH
AVideo < 20.1 - Sensitive System Information Exposure via Public API Endpoints
Dec 17, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-34441 HIGH
AVideo < 20.1 - Unauthenticated Exposure of Sensitive User Information via Public API
Dec 17, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-34440 MEDIUM
AVideo < 20.1 - Open Redirect via siteRedirectUri Parameter
Dec 17, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-34439 MEDIUM
AVideo < 20.1 - Open Redirect via cancelUri Parameter
Dec 17, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-34438 HIGH
AVideo < 20.1 - Insecure Direct Object Reference in Video Rotation Metadata
Dec 17, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-34437 HIGH
AVideo < 20.1 - Authenticated Arbitrary Comment Image Upload via Missing Ownership Check
Dec 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-34436 HIGH
AVideo < 20.1 - Authenticated Arbitrary File Upload via Insecure Direct Object Reference
Dec 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-34435 MEDIUM
AVideo < 20.1 - Authenticated Arbitrary File Deletion via IDOR
Dec 17, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-34434 CRITICAL
AVideo < 20.1 - Unauthenticated Arbitrary File Upload and Deletion via ImageGallery Plugin
Dec 17, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-53084 CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via VideosList Page Parameter
Jul 24, 2025
CVSS 9.0
EPSS 0.01