WWBN/AVideo vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-33351Criticalwwbn/avideo: AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to…CVE-2026-33297Mediumwwbn/avideo: AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.phpCVE-2026-33296Lowwwbn/avideo: AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.phpCVE-2026-33295Highwwbn/avideo: AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.phpCVE-2026-33294Mediumwwbn/avideo: AVideo Affected by SSRF in BulkEmbed Thumbnail Fetch Allows Reading Internal Network ResourcesCVE-2026-33293Highwwbn/avideo: AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump ParameterCVE-2026-33292Highwwbn/avideo: AVideo has an Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid…GHSA-5X2W-37XF-7962Mediumwwbn/avideo: AVideo has Unauthenticated PGP Message Decryption via Public EndpointCVE-2026-33319Mediumwwbn/avideo: AVideo has an OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell CommandCVE-2026-33238Mediumwwbn/avideo: AVideo has a Path Traversal in listFiles.json.php Enables Server Filesystem EnumerationCVE-2026-33237Mediumwwbn/avideo: AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` ValidationCVE-2026-33039Highwwbn/avideo: AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxyCVE-2026-33035Mediumwwbn/avideo: Unauthenticated Reflected XSS via innerHTML in AVideoCVE-2026-33043Highwwbn/avideo: AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORSCVE-2026-33041Mediumwwbn/avideo: AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.phpCVE-2026-33038Highwwbn/avideo: AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized…CVE-2026-30885Mediumwwbn/avideo: AVideo has Unauthenticated IDOR - Playlist Information DisclosureCVE-2026-29093Highwwbn/avideo: AVideo: Unauthenticated PHP session store exposed to host network via published memcached portCVE-2026-29058Criticalwwbn/avideo: WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in…CVE-2026-28502Criticalwwbn/avideo: AVideo has Authenticated Remote Code Execution via Unsafe Plugin ZIP ExtractionCVE-2026-28501Criticalwwbn/avideo: AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.phpCVE-2026-27732Highwwbn/avideo: AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.phpCVE-2026-27568Mediumwwbn/avideo: AVideo has Stored Cross-Site Scripting via Markdown Comment InjectionCVE-2024-34899Mediumwwbn/avideo: AVideo cross-site scripting vulnerability in the view/about.php pageCVE-2024-31819Criticalwwbn/avideo: WWBN AVideo Remote Code Execution

Stop the waste.
Protect your environment with Kodem.