wwbn
207 tracked vulnerabilities.
CVE-2026-33043
HIGH
AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33041
MEDIUM
AVideo <26.0 encryptPass.json.php - Password Hash Oracle
Mar 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33039
HIGH
AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy
Mar 20, 2026
CVSS 8.6
EPSS 0.00
CVE-2026-33038
HIGH
AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
Mar 20, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33037
HIGH
WWBN AVideo has predictable default admin credentials in official Docker deployment path
Mar 20, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-33035
MEDIUM
Unauthenticated Reflected XSS via innerHTML in AVideo
Mar 20, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-33025
HIGH
AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause
Mar 20, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33024
CRITICAL
AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator
Mar 20, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-30885
MEDIUM
WWBN AVideo <25.0 - Info Disclosure
Mar 10, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-29058
CRITICAL
AVideo < 7.0 - Unauthenticated OS Command Injection via base64Url GET Parameter
Mar 06, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-29093
HIGH
WWBN AVideo <24.0 - Session Hijacking
Mar 06, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28502
HIGH
WWBN AVideo <24.0 - Authenticated RCE
Mar 06, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-28501
CRITICAL
WWBN AVideo < 24.0 - Unauthenticated SQL Injection via catName Parameter in JSON POST Request
Mar 06, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-27732
HIGH
WWBN AVideo < 22.0 - Authenticated Server-Side Request Forgery via aVideoEncoder.json.php DownloadURL Parameter
Feb 24, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-27568
MEDIUM
WWBN AVideo < 21.0 - Authenticated Stored Cross-Site Scripting via Markdown Link Injection
Feb 24, 2026
CVSS 6.1
EPSS 0.00
CVE-2025-34442
HIGH
AVideo < 20.1 - Sensitive System Information Exposure via Public API Endpoints
Dec 17, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-34441
HIGH
AVideo < 20.1 - Unauthenticated Exposure of Sensitive User Information via Public API
Dec 17, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-34440
MEDIUM
AVideo < 20.1 - Open Redirect via siteRedirectUri Parameter
Dec 17, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-34439
MEDIUM
AVideo < 20.1 - Open Redirect via cancelUri Parameter
Dec 17, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-34438
HIGH
AVideo < 20.1 - Insecure Direct Object Reference in Video Rotation Metadata
Dec 17, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-34437
HIGH
AVideo < 20.1 - Authenticated Arbitrary Comment Image Upload via Missing Ownership Check
Dec 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-34436
HIGH
AVideo < 20.1 - Authenticated Arbitrary File Upload via Insecure Direct Object Reference
Dec 17, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-34435
MEDIUM
AVideo < 20.1 - Authenticated Arbitrary File Deletion via IDOR
Dec 17, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-34434
CRITICAL
AVideo < 20.1 - Unauthenticated Arbitrary File Upload and Deletion via ImageGallery Plugin
Dec 17, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-53084
CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via VideosList Page Parameter
Jul 24, 2025
CVSS 9.0
EPSS 0.01
Quick Filters