wwbn
207 tracked vulnerabilities.
CVE-2025-50128
CRITICAL
WWBN AVideo 14.4 and dev master - Stored Cross-Site Scripting via videoNotFound 404ErrorMsg Parameter
Jul 24, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-48732
HIGH
WWBN AVideo 14.4 and dev master - Remote Code Execution via .phar File Request
Jul 24, 2025
CVSS 7.3
EPSS 0.01
CVE-2025-46410
CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via managerPlaylists PlaylistOwnerUsersId Parameter
Jul 24, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-41420
CRITICAL
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via UserLogin cancelUri Parameter
Jul 24, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-36548
HIGH
WWBN AVideo 14.4 and dev master - Cross-Site Scripting via LoginWordPress cancelUri Parameter
Jul 24, 2025
CVSS 8.3
EPSS 0.01
CVE-2025-25214
HIGH
WWBN AVideo 14.4 RCE via Race Condition in aVideoEncoder.json.php Unzip
Jul 24, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-34899
MEDIUM
WWBN AVideo 12.4 - Cross-Site Scripting
May 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-31819
CRITICAL
WWBN AVideo 12.4-14.2 - Remote Code Execution via systemRootPath Parameter
Apr 10, 2024
CVSS 9.8
EPSS 0.16
CVE-2023-50172
MEDIUM
WWBN AVideo - Recovery Notification Bypass via Captcha Validation
Jan 10, 2024
CVSS 5.3
EPSS 0.01
CVE-2023-49864
MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_image Parameter
Jan 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49863
MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_webpimage Parameter
Jan 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49862
MEDIUM
WWBN AVideo - Arbitrary File Read via aVideoEncoderReceiveImage.json.php downloadURL_gifimage Parameter
Jan 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-49810
HIGH
WWBN AVideo - Login Attempt Restriction Bypass via Captcha Bypass
Jan 10, 2024
CVSS 7.3
EPSS 0.01
CVE-2023-49738
HIGH
WWBN AVideo - Arbitrary File Read via image404Raw.php
Jan 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-49715
MEDIUM
WWBN AVideo - Unrestricted PHP File Upload via import.json.php Temporary Copy
Jan 10, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-49599
CRITICAL
WWBN AVideo - Insufficient Entropy in Salt Generation
Jan 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-49589
HIGH
WWBN AVideo - Weak Password Recovery Mechanism in userRecoverPass.php
Jan 10, 2024
CVSS 8.8
EPSS 0.01
CVE-2023-48730
HIGH
WWBN AVideo - Stored Cross-Site Scripting in Navbar Menu User Name
Jan 10, 2024
CVSS 8.5
EPSS 0.01
CVE-2023-48728
CRITICAL
NUCLEI
WWBN AVideo 11.6 and dev master commit 3c6bb3ff - Cross-Site Scripting via getOpenGraph videoName Function
Jan 10, 2024
CVSS 9.6
EPSS 0.02
CVE-2023-47862
CRITICAL
WWBN AVideo - Local File Inclusion and Remote Code Execution via getLanguageFromBrowser
Jan 10, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-47861
CRITICAL
WWBN AVideo 11.6 and dev master commit 15fed957fb - Cross-Site Scripting in channelBody.php User Name
Jan 10, 2024
CVSS 9.0
EPSS 0.01
CVE-2023-47171
MEDIUM
WWBN AVideo 11.6 and dev master commit 15fed957fb - Arbitrary File Read via aVideoEncoder.json.php chunkFile Path
Jan 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-32073
HIGH
WWBN AVideo < 12.4 - Remote Code Execution via CloneSite Plugin
May 12, 2023
CVSS 8.8
EPSS 0.06
CVE-2023-30860
HIGH
WWBN AVideo < 12.4 - Stored Cross-Site Scripting via Meeting Room Creation
May 08, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-30854
HIGH
AVideo < 12.4 - Authenticated Remote Code Execution via CloneSite Plugin Endpoint
Apr 28, 2023
CVSS 8.8
EPSS 0.05
Quick Filters