WWBN — Vulnerabilities & Security Advisories (164)

Browse all 164 CVE security advisories affecting WWBN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products (WWBN): AVideo, AVideo-Encoder
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33723 | AVideo Vulnerable to SQL Injection in Subscribe Endpoint via Unsanitized user_id Parameter in subscribe.php | AVideo | CWE-89 | 7.1 | High | 2026-03-23 |
| CVE-2026-33719 | AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php | AVideo | CWE-306 | 8.6 | High | 2026-03-23 |
| CVE-2026-33717 | AVideo Vulnerable to Remote Code Execution via Persistent PHP Temp File in Encoder downloadURL with Resolution Validation Abort | AVideo | CWE-434 | 8.8 | High | 2026-03-23 |
| CVE-2026-33716 | AVideo Allows Unauthenticated Live Stream Control via Token Verification URL Override in control.json.php | AVideo | CWE-287 | 9.4 | Critical | 2026-03-23 |
| CVE-2026-33690 | AVideo vulnerable to IP Address Spoofing via Untrusted HTTP Headers in getRealIpAddr() | AVideo | CWE-348 | 5.3 | Medium | 2026-03-23 |
| CVE-2026-33688 | AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint | AVideo | CWE-204 | 5.3 | Medium | 2026-03-23 |
| CVE-2026-33685 | AVideo Allows Unauthenticated Access to AD_Server reports.json.php that Exposes Ad Campaign Analytics and User Data | AVideo | CWE-862 | 5.3 | Medium | 2026-03-23 |
| CVE-2026-33683 | AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field | AVideo | CWE-79 | 5.4 | Medium | 2026-03-23 |
| CVE-2026-33681 | AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name | AVideo | CWE-22 | 7.2 | High | 2026-03-23 |
| CVE-2026-33651 | AVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat() | AVideo | CWE-89 | 8.1 | High | 2026-03-23 |
| CVE-2026-33650 | AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion | AVideo | CWE-863 | 7.6 | High | 2026-03-23 |
| CVE-2026-33649 | AVideo's GET-Based CSRF in setPermission.json.php Enables Privilege Escalation via Arbitrary Permission Modification | AVideo | CWE-352 | 8.1 | High | 2026-03-23 |
| CVE-2026-33648 | AVideo Vulnerable to OS Command Injection via Unsanitized `users_id` and `liveTransmitionHistory_id` in Restreamer Log File Path | AVideo | CWE-78 | 8.8 | High | 2026-03-23 |
| CVE-2026-33647 | AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload | AVideo | CWE-434 | 8.8 | High | 2026-03-23 |
| CVE-2026-33513 | AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP) | AVideo | CWE-22 | 8.6 | High | 2026-03-23 |
| CVE-2026-33512 | AVideo has an unauthenticated decrypt oracle leaking any ciphertext | AVideo | CWE-287 | 7.5 | High | 2026-03-23 |
| CVE-2026-33507 | AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload | AVideo | CWE-352 | 8.8 | High | 2026-03-23 |
| CVE-2026-33502 | AVideo has Unauthenticated SSRF via plugin/Live/test.php | AVideo | CWE-918 | 9.3 | Critical | 2026-03-23 |
| CVE-2026-33501 | AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin | AVideo | CWE-862 | 5.3 | Medium | 2026-03-23 |
| CVE-2026-33500 | AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization | AVideo | CWE-79 | 5.4 | Medium | 2026-03-23 |
| CVE-2026-33499 | AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php | AVideo | CWE-79 | 6.1 | Medium | 2026-03-23 |
| CVE-2026-33493 | AVideo has a Path Traversal in import.json.php that Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter | AVideo | CWE-22 | 7.1 | High | 2026-03-23 |
| CVE-2026-33492 | AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration | AVideo | CWE-384 | 7.3 | High | 2026-03-23 |
| CVE-2026-33488 | AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin | AVideo | CWE-326 | 7.4 | High | 2026-03-23 |
| CVE-2026-33485 | AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter | AVideo | CWE-89 | 7.5 | High | 2026-03-23 |
| CVE-2026-33483 | AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php | AVideo | CWE-770 | 7.5 | High | 2026-03-23 |
| CVE-2026-33482 | AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand() | AVideo | CWE-78 | 8.1 | High | 2026-03-23 |
| CVE-2026-33480 | AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy | AVideo | CWE-918 | 8.6 | High | 2026-03-23 |
| CVE-2026-33479 | AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin | AVideo | CWE-94 | 8.8 | High | 2026-03-23 |
| CVE-2026-33478 | AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection | AVideo | CWE-78 | 10.0 | Critical | 2026-03-23 |

This page lists every published CVE security advisory associated with WWBN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.