WWBN/AVideo vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-43879Mediumwwbn/avideo: AVideo has Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and…CVE-2026-43878Mediumwwbn/avideo: Video: Reflected XSS in plugin/Meet/iframe.php via Unescaped user and pass Parameters in JavaScript…CVE-2026-43877Mediumwwbn/avideo: AVideo: CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Authenticated Users' Profile…CVE-2026-43876Mediumwwbn/avideo: AVideo: HTML Injection in notifySubscribers.json.php Allows Platform-Branded Phishing Emails to…CVE-2026-43875Mediumwwbn/avideo: AVideo: Password Hash Leak in MobileManager OAuth Redirect URL Enables Account TakeoverCVE-2026-43874Highwwbn/avideo: AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User…CVE-2026-43873Highwwbn/avideo: AVideo: Unauthenticated Disclosure of CloneSite `myKey` via Error Echo in `cloneClient.json.php`…CVE-2026-41304Highwwbn/avideo: WWBN AVideo: RCE cause by clonesite pluginCVE-2026-41064Highwwbn/avideo: WWBN AVideo has an incomplete fix for CVE-2026-33502: Command InjectionCVE-2026-41063Mediumwwbn/avideo: WWBN AVideo has an incomplete fix for CVE-2026-33500: XSSCVE-2026-41062Mediumwwbn/avideo: WWBN AVideo has an Incomplete fix: Directory traversal bypass via query string in ReceiveImage…CVE-2026-41061Mediumwwbn/avideo: WWBN AVideo has Stored XSS via Unanchored Duration Regex in Video Encoder ReceiverCVE-2026-41060Highwwbn/avideo: WWBN AVideo has a SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURLCVE-2026-41058Mediumwwbn/avideo: WWBN AVideo has an incomplete fix for CVE-2026-33293: Path TraversalCVE-2026-41057Highwwbn/avideo: WWBN AVideo has a CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true)…CVE-2026-41056Highwwbn/avideo: WWBN AVideo has CORS Origin Reflection with Credentials on Sensitive API Endpoints Enables…CVE-2026-41055Mediumwwbn/avideo: WWBN AVideo has an incomplete fix for CVE-2026-33039: SSRFCVE-2026-40935Mediumwwbn/avideo: CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token…CVE-2026-40929Mediumwwbn/avideo: WWBN AVideo is missing CSRF protection in objects/commentDelete.json.php enables mass comment…CVE-2026-40928Mediumwwbn/avideo: WWBN AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment…CVE-2026-40926Highwwbn/avideo: WWBN AVideo has Multiple CSRF Vulnerabilities in Admin JSON Endpoints (Category CRUD, Plugin Update…CVE-2026-40925Highwwbn/avideo: WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover…CVE-2026-40911Criticalwwbn/avideo: WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript…CVE-2026-40909Highwwbn/avideo: WWBN AVideo has a Path Traversal in Locale Save Endpoint Enables Arbitrary PHP File Write to Any…CVE-2026-40908Mediumwwbn/avideo: WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php Exposes Developer Emails…

Stop the waste.
Protect your environment with Kodem.