WWBN/AVideo vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-40907Mediumwwbn/avideo: WWBN AVideo has an IDOR in Live Restreams list.json.php Exposes Other Users' Stream Keys and OAuth…CVE-2026-39370HighWWBN/AVideo: WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable…CVE-2026-39369HighWWBN/AVideo: WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public…CVE-2026-39368MediumWWBN/AVideo: WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal servicesCVE-2026-39367Mediumwwbn/avideo: WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG PageCVE-2026-39366Mediumwwbn/avideo: WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing…CVE-2026-35452Mediumwwbn/avideo: AVideo: Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.phpCVE-2026-35450Mediumwwbn/avideo: AVideo: Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.phpCVE-2026-35449Mediumwwbn/avideo: AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.phpCVE-2026-35448Lowwwbn/avideo: AVideo: Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.phpCVE-2026-35181Mediumwwbn/avideo: AVideo: CSRF on Player Skin Configuration via admin/playerUpdate.json.phpCVE-2026-35179Mediumwwbn/avideo: AVideo: Unauthenticated Instagram Graph API Proxy via publishInstagram.json.phpGHSA-GMPC-FXG2-VCMQMediumwwbn/avideo: AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu PluginCVE-2026-34740Mediumwwbn/avideo: AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() ValidationCVE-2026-34739Mediumwwbn/avideo: AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.phpCVE-2026-34738Mediumwwbn/avideo: AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request ParameterCVE-2026-34737Mediumwwbn/avideo: AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions()…CVE-2026-34733Mediumwwbn/avideo: AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI GuardCVE-2026-34732Mediumwwbn/avideo: AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 EndpointsCVE-2026-34731Highwwbn/avideo: AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.phpCVE-2026-34716Mediumwwbn/avideo: AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call NotificationCVE-2026-34613Mediumwwbn/avideo: AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security PluginsCVE-2026-34611Mediumwwbn/avideo: AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All UsersCVE-2026-34396Mediumwwbn/avideo: AVideo has Stored XSS via Unescaped Plugin Configuration Values in Admin PanelCVE-2026-34395Mediumwwbn/avideo: AVideo vulnerable to Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php

Stop the waste.
Protect your environment with Kodem.