Vulnerabilidades en WWBN
187 resultadosCVE-2022-34652HIGHA sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted EPSS 0.9%CVE-2023-50172MEDIUMA recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master coEPSS 0.8%CVE-2023-47861CRITICALA cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 1EPSS 0.8%CVE-2022-32768MEDIUMMultiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7cEPSS 0.8%CVE-2021-21286HIGHAuthorization Bypass in AVideo PlatformEPSS 0.8%CVE-2025-50128CRITICALA cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev masteEPSS 0.8%CVE-2025-46410CRITICALA cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 aEPSS 0.8%CVE-2026-33513HIGHAVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP)EPSS 0.7%CVE-2026-41062MEDIUMWWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parametersEPSS 0.7%CVE-2023-30860HIGHWWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's accountEPSS 0.7%CVE-2025-53084CRITICALA cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8EPSS 0.7%CVE-2026-33292HIGHAVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid VideosEPSS 0.7%CVE-2026-28502CRITICALWWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP ExtractionEPSS 0.7%CVE-2026-33037HIGHWWBN AVideo has predictable default admin credentials in official Docker deployment pathEPSS 0.7%CVE-2023-49810HIGHA login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb.EPSS 0.7%CVE-2022-32769MEDIUMMultiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7cEPSS 0.7%CVE-2026-40909HIGHWWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)EPSS 0.7%CVE-2026-40911CRITICALWWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() SinksEPSS 0.6%CVE-2026-33647HIGHAVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File UploadEPSS 0.6%CVE-2026-33648HIGHAVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File PathEPSS 0.6%