Vulnerabilities in WWBN
187 resultsCVE-2026-33483HIGHAVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.phpEPSS 0.6%CVE-2023-48730HIGHA cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15feEPSS 0.6%CVE-2026-33479HIGHAVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against AdminEPSS 0.5%CVE-2026-33767HIGHAVideo has SQL Injection via Partial Prepared Statement — videos_id Concatenated Directly into QueryEPSS 0.5%CVE-2026-33293HIGHAVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump ParameterEPSS 0.5%CVE-2026-33681HIGHAVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin NameEPSS 0.5%CVE-2026-33770HIGHAVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id VariablesEPSS 0.5%CVE-2026-29093HIGHWWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached portEPSS 0.5%CVE-2026-33038HIGHAVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deploymentsEPSS 0.5%CVE-2026-34731HIGHAVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.phpEPSS 0.5%CVE-2026-45731MEDIUMWWBN AVideo: Authenticated Arbitrary File Read in view/update.phpEPSS 0.5%CVE-2026-41058HIGHAVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideoEPSS 0.5%CVE-2026-33485HIGHAVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name ParameterEPSS 0.5%CVE-2026-46337MEDIUMWWBN AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php`EPSS 0.5%CVE-2026-33039HIGHAVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxyEPSS 0.5%CVE-2026-33502CRITICALAVideo has Unauthenticated SSRF via plugin/Live/test.phpEPSS 0.4%CVE-2026-33024CRITICALAVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail GeneratorEPSS 0.4%CVE-2026-33716CRITICALAVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.phpEPSS 0.4%CVE-2026-33352CRITICALAVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)EPSS 0.4%CVE-2026-33351CRITICALAVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification BypassEPSS 0.4%