Vulnerabilities in WWBN

187 results
CVE-2026-34394 | HIGH | AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking | EPSS 0.2%
CVE-2026-33766 | MEDIUM | AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints | EPSS 0.2%
CVE-2026-33499 | MEDIUM | AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php | EPSS 0.2%
CVE-2026-43880 | MEDIUM | WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address | EPSS 0.2%
CVE-2026-27568 | MEDIUM | AVideo has Stored Cross-Site Scripting via Markdown Comment Injection | EPSS 0.2%
CVE-2026-34368 | MEDIUM | AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance | EPSS 0.2%
CVE-2026-43878 | MEDIUM | WWBN AVideo: Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String Literal | EPSS 0.2%
CVE-2026-33723 | HIGH | AVideo Vulnerable to SQL Injection in Subscribe Endpoint via Unsanitized user_id Parameter in subscribe.php | EPSS 0.2%
CVE-2026-34739 | MEDIUM | AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php | EPSS 0.2%
CVE-2026-33500 | MEDIUM | AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization | EPSS 0.2%
CVE-2026-40935 | MEDIUM | WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure | EPSS 0.2%
CVE-2026-34396 | MEDIUM | AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel | EPSS 0.2%
CVE-2026-41063 | MEDIUM | WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS) | EPSS 0.2%
CVE-2026-33295 | HIGH | AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php | EPSS 0.2%
CVE-2026-35179 | MEDIUM | WWBN AVideo Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php | EPSS 0.2%
CVE-2026-33764 | MEDIUM | AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions | EPSS 0.2%
CVE-2026-39368 | MEDIUM | WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services | EPSS 0.2%
CVE-2026-39370 | HIGH | WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732) | EPSS 0.2%
CVE-2026-34613 | MEDIUM | AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins | EPSS 0.2%
CVE-2026-39367 | MEDIUM | WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page | EPSS 0.2%