Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WWBN — Vulnerabilities & Security Advisories 164

Browse all 164 CVE security advisories affecting WWBN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by WWBN:AVideoAVideo-Encoder
CVE IDTitleCVSSSeverityPublished
CVE-2026-41304 WWBN AVideo vulnerable to RCE caused by clonesite plugin — AVideoCWE-77 8.8AIHighAI2026-04-21
CVE-2026-41064 AVideo has an incomplete fix for CVE-2026-33502 (Command Injection) — AVideoCWE-78 9.3 Critical2026-04-21
CVE-2026-41063 WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS) — AVideoCWE-79 5.4 Medium2026-04-21
CVE-2026-41062 WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters — AVideoCWE-22 6.5 Medium2026-04-21
CVE-2026-41061 WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver — AVideoCWE-79 5.4 Medium2026-04-21
CVE-2026-41060 AVideo's SSRF via same-domain hostname with alternate port bypasses isSSRFSafeURL — AVideoCWE-918 7.7 High2026-04-21
CVE-2026-41058 AVideo has an incomplete fix for CVE-2026-33293 (Path Traversal) in AVideo — AVideoCWE-22 8.1 High2026-04-21
CVE-2026-41057 AVideo has CORS Origin Reflection Bypass via plugin/API/router.php and allowOrigin(true) that Exposes Authenticated API Responses — AVideoCWE-346 7.1 High2026-04-21
CVE-2026-41056 AVideos has CORS Origin Reflection with Credentials on Sensitive API Endpoints that Enables Cross-Origin Account Takeover — AVideoCWE-942 8.1 High2026-04-21
CVE-2026-41055 AVideo has an incomplete fix for CVE-2026-33039 (SSRF) — AVideoCWE-918 8.6 High2026-04-21
CVE-2026-40935 WWBN/AVideo has CAPTCHA Bypass via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure — AVideoCWE-804 5.3 Medium2026-04-21
CVE-2026-40929 WWBN AVideo's missing CSRF protection in objects/commentDelete.json.php enables mass comment deletion against moderators and content creators — AVideoCWE-352 5.4 Medium2026-04-21
CVE-2026-40928 AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion — AVideoCWE-352 5.4 Medium2026-04-21
CVE-2026-40926 WWBN AVideo Vulnerable to CSRF in Admin JSON Endpoints (Category CRUD, Plugin Update Script) — AVideoCWE-352 7.1 High2026-04-21
CVE-2026-40925 WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials — AVideoCWE-352 8.3 High2026-04-21
CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks — AVideoCWE-94 10.0 Critical2026-04-21
CVE-2026-40909 WWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE) — AVideoCWE-22 8.7 High2026-04-21
CVE-2026-40908 WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php that Exposes Developer Emails and Deployed Version — AVideoCWE-200 5.3 Medium2026-04-21
CVE-2026-40907 WWBN AVideo has IDOR in Live Restreams list.json.php that Exposes Other Users' Stream Keys and OAuth Tokens — AVideoCWE-639 6.5 Medium2026-04-21
CVE-2026-39370 WWBN AVideo has an Allowlisted downloadURL media extensions bypass SSRF protection and enable internal response exfiltration (Incomplete fix for CVE-2026-27732) — AVideoCWE-918 7.1 High2026-04-07
CVE-2026-39369 WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs — AVideoCWE-22 7.6 High2026-04-07
CVE-2026-39368 WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services — AVideoCWE-918 6.5 Medium2026-04-07
CVE-2026-39367 WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page — AVideoCWE-79 5.4 Medium2026-04-07
CVE-2026-39366 WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php — AVideoCWE-345 6.5 Medium2026-04-07
CVE-2026-35452 WWBN AVideo has Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.php — AVideoCWE-200 5.3 Medium2026-04-06
CVE-2026-35450 WWBN AVideo has Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php — AVideoCWE-306 5.3 Medium2026-04-06
CVE-2026-35449 WWBN AVideo has Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php — AVideoCWE-200 5.3 Medium2026-04-06
CVE-2026-35448 WWBN AVideo Provides Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php — AVideoCWE-862 3.7 Low2026-04-06
CVE-2026-35181 WWBN AVideo Affected by CSRF on Player Skin Configuration via admin/playerUpdate.json.php — AVideoCWE-352 4.3 Medium2026-04-06
CVE-2026-35180 WWBN AVideo affected by CSRF on Site Customization Endpoint Enables Logo Overwrite via Base64 File Write — AVideoCWE-352 4.3 Medium2026-04-06

This page lists every published CVE security advisory associated with WWBN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.