| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-33723 | AVideo Vulnerable to SQL Injection in Subscribe Endpoint via Unsanitized user_id Parameter in subscribe.php | WWBN | AVideo | High | 7.1 | 2026-03-23 18:50:34 |
| CVE-2026-33719 | AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php | WWBN | AVideo | High | 8.6 | 2026-03-23 18:49:28 |
| CVE-2026-33717 | AVideo Vulnerable to Remote Code Execution via Persistent PHP Temp File in Encoder downloadURL with Resolution Validation Abort | WWBN | AVideo | High | 8.8 | 2026-03-23 18:48:25 |
| CVE-2026-33716 | AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php | WWBN | AVideo | Critical | 9.4 | 2026-03-23 18:46:47 |
| CVE-2026-33690 | AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr() | WWBN | AVideo | Medium | 5.3 | 2026-03-23 18:45:26 |
| CVE-2026-33688 | AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint | WWBN | AVideo | Medium | 5.3 | 2026-03-23 18:43:59 |
| CVE-2026-33685 | AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data | WWBN | AVideo | Medium | 5.3 | 2026-03-23 18:42:45 |
| CVE-2026-33683 | AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field | WWBN | AVideo | Medium | 5.4 | 2026-03-23 18:41:14 |
| CVE-2026-33681 | AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name | WWBN | AVideo | High | 7.2 | 2026-03-23 18:39:34 |
| CVE-2026-33651 | AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat() | WWBN | AVideo | High | 8.1 | 2026-03-23 18:38:23 |
| CVE-2026-33650 | AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion | WWBN | AVideo | High | 7.6 | 2026-03-23 18:28:13 |
| CVE-2026-33649 | AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification | WWBN | AVideo | High | 8.1 | 2026-03-23 18:26:33 |
| CVE-2026-33648 | AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path | WWBN | AVideo | High | 8.8 | 2026-03-23 18:25:07 |
| CVE-2026-33647 | AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload | WWBN | AVideo | High | 8.8 | 2026-03-23 18:23:20 |
| CVE-2026-33513 | AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP) | WWBN | AVideo | High | 8.6 | 2026-03-23 18:21:59 |
| CVE-2026-33512 | AVideo has an unauthenticated decrypt oracle leaking any ciphertext | WWBN | AVideo | High | 7.5 | 2026-03-23 18:17:47 |
| CVE-2026-33507 | AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload | WWBN | AVideo | High | 8.8 | 2026-03-23 16:32:29 |
| CVE-2026-33502 | AVideo has Unauthenticated SSRF via plugin/Live/test.php | WWBN | AVideo | Critical | 9.3 | 2026-03-23 16:29:48 |
| CVE-2026-33501 | AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin | WWBN | AVideo | Medium | 5.3 | 2026-03-23 16:28:21 |
| CVE-2026-33500 | AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization | WWBN | AVideo | Medium | 5.4 | 2026-03-23 16:24:53 |