Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WWBN — Vulnerabilities & Security Advisories 164

Browse all 164 CVE security advisories affecting WWBN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by WWBN:AVideoAVideo-Encoder
CVE IDTitleCVSSSeverityPublished
CVE-2026-33354 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php` — AVideoCWE-73 7.6 High2026-03-23
CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) — AVideoCWE-89 9.8 Critical2026-03-23
CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass — AVideoCWE-918 9.1 Critical2026-03-23
CVE-2026-33297 AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php — AVideoCWE-639 9.1 -2026-03-23
CVE-2026-33296 AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php — AVideoCWE-601 6.1 -2026-03-22
CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php — AVideoCWE-79 5.4 -2026-03-22
CVE-2026-33294 AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources — AVideoCWE-918 5.0 Medium2026-03-22
CVE-2026-33293 AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter — AVideoCWE-22 8.1 High2026-03-22
CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command — AVideoCWE-78 5.9 Medium2026-03-22
CVE-2026-33292 AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos — AVideoCWE-22 7.5 High2026-03-22
CVE-2026-33238 AVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem Enumeration — AVideoCWE-22 4.3 Medium2026-03-20
CVE-2026-33237 AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation — AVideoCWE-918 5.5 Medium2026-03-20
CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS — AVideoCWE-942 8.1 High2026-03-20
CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php — AVideoCWE-200 5.3 Medium2026-03-20
CVE-2026-33039 AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy — AVideoCWE-918 8.6 High2026-03-20
CVE-2026-33038 AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments — AVideoCWE-306 8.1 High2026-03-20
CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path — AVideoCWE-1188 8.1 High2026-03-20
CVE-2026-33035 Unauthenticated Reflected XSS via innerHTML in AVideo — AVideoCWE-79 6.1 -2026-03-20
CVE-2026-33025 AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause — AVideo-EncoderCWE-89 9.8 -2026-03-20
CVE-2026-33024 AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator — AVideo-EncoderCWE-918 9.8 -2026-03-20
CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure — AVideoCWE-306 5.3AIMediumAI2026-03-09
CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php — AVideo-EncoderCWE-78 9.8 Critical2026-03-06
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php — AVideoCWE-89 9.8 Critical2026-03-06
CVE-2026-28502 WWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction — AVideoCWE-434 7.2 -2026-03-06
CVE-2026-29093 WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port — AVideoCWE-287 8.1 High2026-03-06
CVE-2026-27732 AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php — AVideoCWE-918 8.1 -2026-02-24
CVE-2026-27568 AVideo has Stored Cross-Site Scripting via Markdown Comment Injection — AVideoCWE-79 9.0 -2026-02-24
CVE-2025-46410 WWBN AVideo 跨站脚本漏洞 — AVideoCWE-79 9.6 Critical2025-07-24
CVE-2025-53084 多款产品跨站脚本漏洞 — AVideoCWE-79 9.0 Critical2025-07-24
CVE-2025-50128 WWBN AVideo 跨站脚本漏洞 — AVideoCWE-79 9.6 Critical2025-07-24

This page lists every published CVE security advisory associated with WWBN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.