WWBN/AVideo vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-33683Mediumwwbn/avideo: AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in…CVE-2026-33681Highwwbn/avideo: AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution…CVE-2026-33651Highwwbn/avideo: AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in…CVE-2026-33650Highwwbn/avideo: AVideo: Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video DeletionCVE-2026-33649Highwwbn/avideo: AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary…CVE-2026-33648Highwwbn/avideo: AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and…CVE-2026-33647Highwwbn/avideo: AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File UploadCVE-2026-33513Highwwbn/avideo: AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP)CVE-2026-33512Highwwbn/avideo: AVideo has an unauthenticated decrypt oracle leaking any ciphertextCVE-2026-33507Highwwbn/avideo: AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via…CVE-2026-33502Criticalwwbn/avideo: AVideo has Unauthenticated SSRF via plugin/Live/test.phpCVE-2026-33501Mediumwwbn/avideo: AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions…CVE-2026-33500Mediumwwbn/avideo: AVideo - Incomplete Fix for CVE-2026-27568: Stored XSS via Markdown `javascript:` URI Bypasses…CVE-2026-33499Mediumwwbn/avideo: AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.phpCVE-2026-33493Highwwbn/avideo: AVideo has a Path Traversal in import.json.php Allows Private Video Theft and Arbitrary File…CVE-2026-33492Highwwbn/avideo: AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session RegenerationCVE-2026-33488Highwwbn/avideo: AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl…CVE-2026-33485Highwwbn/avideo: AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name…CVE-2026-33483Highwwbn/avideo: AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in…CVE-2026-33482Highwwbn/avideo: AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()CVE-2026-33480Highwwbn/avideo: AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks…CVE-2026-33479Highwwbn/avideo: AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF…CVE-2026-33478Criticalwwbn/avideo: AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database…CVE-2026-33354Highwwbn/avideo: AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in…CVE-2026-33352Criticalwwbn/avideo: AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)

Stop the waste.
Protect your environment with Kodem.