WWBN/AVideo vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2026-34394 | High | wwbn/avideo: AVideo's CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking |
| CVE-2026-34375 | High | wwbn/avideo: AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page |
| CVE-2026-34369 | Medium | wwbn/avideo: AVideo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources… |
| CVE-2026-34368 | Medium | wwbn/avideo: AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance |
| CVE-2026-34364 | Medium | wwbn/avideo: AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering… |
| CVE-2026-34362 | Medium | wwbn/avideo: AVideo's WebSocket Token Never Expires Due to Commented-Out Timeout Validation in… |
| CVE-2026-34247 | Medium | wwbn/avideo: AVideo: IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream… |
| CVE-2026-34245 | Medium | wwbn/avideo: AVideo: Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking |
| GHSA-WPRJ-9CVC-5W37 | High | wwbn/avideo: AVideo: Unauthenticated Access to Payment Log DataTables Endpoints Exposes Transaction Data, PayPal… |
| CVE-2026-33867 | Critical | wwbn/avideo: AVideo has Plaintext Video Password Storage |
| CVE-2026-33770 | High | wwbn/avideo: AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id… |
| CVE-2026-33767 | High | wwbn/avideo: AVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into Query |
| CVE-2026-33766 | Medium | wwbn/avideo: AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints |
| CVE-2026-33764 | Medium | wwbn/avideo: AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions |
| CVE-2026-33763 | Medium | wwbn/avideo: AVideo has an Unauthenticated Video Password Brute-Force Vulnerability via Unrate-Limited Boolean… |
| CVE-2026-33761 | Medium | wwbn/avideo: AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content,… |
| CVE-2026-33759 | Medium | wwbn/avideo: AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents |
| CVE-2026-33723 | High | wwbn/avideo: AVideo is Vulnerable to SQL Injection through Subscribe Endpoint via Unsanitized user_id Parameter |
| CVE-2026-33719 | High | wwbn/avideo: AVideo: Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment |
| CVE-2026-33717 | High | wwbn/avideo: AVideo: Remote Code Execution via PHP Temp File in Encoder downloadURL |
| CVE-2026-33716 | Critical | wwbn/avideo: AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in… |
| CVE-2026-33690 | Medium | wwbn/avideo: AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr() |
| GHSA-WXJX-R2J2-96FX | Medium | wwbn/avideo: AVideo: Full-Read SSRF Through Unvalidated statsURL Parameter in plugin/Live/test.php |
| CVE-2026-33688 | Medium | wwbn/avideo: AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint |
| CVE-2026-33685 | Medium | wwbn/avideo: AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign… |
