| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33499 | AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php | WWBN | AVideo | Medium | 6.1 | 2026-03-23 16:11:58 | Deep Dive |
| CVE-2026-33493 | AVideo has a Path Traversal in import.json.php that Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter | WWBN | AVideo | High | 7.1 | 2026-03-23 15:52:34 | Deep Dive |
| CVE-2026-33492 | AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration | WWBN | AVideo | High | 7.3 | 2026-03-23 15:25:27 | Deep Dive |
| CVE-2026-33488 | AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin | WWBN | AVideo | High | 7.4 | 2026-03-23 15:23:01 | Deep Dive |
| CVE-2026-33485 | AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter | WWBN | AVideo | High | 7.5 | 2026-03-23 14:14:15 | Deep Dive |
| CVE-2026-33483 | AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php | WWBN | AVideo | High | 7.5 | 2026-03-23 14:12:05 | Deep Dive |
| CVE-2026-33482 | AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand() | WWBN | AVideo | High | 8.1 | 2026-03-23 14:10:10 | Deep Dive |
| CVE-2026-33480 | AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy | WWBN | AVideo | High | 8.6 | 2026-03-23 14:08:49 | Deep Dive |
| CVE-2026-33479 | AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin | WWBN | AVideo | High | 8.8 | 2026-03-23 14:05:56 | Deep Dive |
| CVE-2026-33478 | AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection | WWBN | AVideo | Critical | 10.0 | 2026-03-23 14:01:20 | Deep Dive |
| CVE-2026-33354 | AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php` | WWBN | AVideo | High | 7.6 | 2026-03-23 13:58:14 | Deep Dive |
| CVE-2026-33352 | AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) | WWBN | AVideo | Critical | 9.8 | 2026-03-23 13:53:47 | Deep Dive |
| CVE-2026-33351 | AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass | WWBN | AVideo | Critical | 9.1 | 2026-03-23 13:51:44 | Deep Dive |
| CVE-2026-33297 | AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php | WWBN | AVideo | Critical | - | 2026-03-23 13:46:17 | Deep Dive |
| CVE-2026-33296 | AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php | WWBN | AVideo | Medium | - | 2026-03-22 17:03:16 | Deep Dive |
| CVE-2026-33295 | AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php | WWBN | AVideo | Medium | - | 2026-03-22 17:00:56 | Deep Dive |
| CVE-2026-33294 | AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources | WWBN | AVideo | Medium | 5.0 | 2026-03-22 16:58:10 | Deep Dive |
| CVE-2026-33293 | AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter | WWBN | AVideo | High | 8.1 | 2026-03-22 16:35:16 | Deep Dive |
| CVE-2026-33319 | AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command | WWBN | AVideo | Medium | 5.9 | 2026-03-22 16:29:09 | Deep Dive |
| CVE-2026-33292 | AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos | WWBN | AVideo | High | 7.5 | 2026-03-22 16:26:09 | Deep Dive |