WWBN/AVideo vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-7CQP-7CFV-6C3QMediumwwbn/avideo: AVideo Meet plugin: anonymous-to-admin stored XSS via unescaped participant User-Agent in…CVE-2026-55173Highwwbn/avideo: AVideo has an incomplete fix of CVE-2026-33482: sanitizeFFmpegCommand still allows a single '&'…CVE-2026-33731Mediumwwbn/avideo: AVideo has an Authorize.Net Webhook Signature Bypass that Enables Wallet Balance Inflation via…CVE-2026-33692Highwwbn/avideo: AVideo Vulnerable to Unauthenticated .env File Exposure via Official Docker Compose ConfigurationCVE-2026-33684Mediumwwbn/avideo: AVideo's Privilege Escalation via Unguarded Permission Parameters in signUp API Allows…CVE-2026-54458CriticalWWBN/AVideo: WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in…CVE-2026-50183MediumWWBN/AVideo: WWBN AVideo: Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery SectionCVE-2026-50182MediumWWBN/AVideo: WWBN AVideo: Unauthenticated Reflected XSS via $_GET['search'] in AVideo YouTubeAPI Gallery…CVE-2026-49279Highwwbn/avideo: WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket Handler…CVE-2026-47696HighWWBN/AVideo: WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpointCVE-2026-47694MediumWWBN/AVideo: WWBN AVideo: Stored XSS via unescaped Gallery category descriptionCVE-2026-46337MediumWWBN/AVideo: AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`CVE-2026-45731MediumWWBN/AVideo: AVideo: Authenticated Arbitrary File Read in view/update.phpCVE-2026-45620MediumWWBN/AVideo: AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user…CVE-2026-45619MediumWWBN/AVideo: AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the…CVE-2026-45610MediumWWBN/AVideo: AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a…CVE-2026-45580MediumWWBN/AVideo: AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attributeCVE-2026-45578HighWWBN/AVideo: AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URLGHSA-QXVM-R42F-5P8JHighWWBN/AVideo: AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the uploaded filename…CVE-2026-43885Highwwbn/avideo: AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor and Missing…CVE-2026-43884Highwwbn/avideo: AVideo has SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()CVE-2026-43883Mediumwwbn/avideo: AVideo: IDOR in PayPalYPT Plugin Allows Any Authenticated User to Cancel Arbitrary PayPal…CVE-2026-43882Mediumwwbn/avideo: AVideo: Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event…CVE-2026-43881Mediumwwbn/avideo: AVideo: Unauthenticated User Enumeration in objects/users.json.php via isCompany Parameter Allows…CVE-2026-43880Mediumwwbn/avideo: AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Enables Phishing from the…

Stop the waste.
Protect your environment with Kodem.