Product

wwbn avideo

184 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-41304
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and below, the cloneServer.json.php endpoint in the CloneSite plu
9.8CRITICAL
CVE-2026-41064
<= 29.0
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds
9.3CRITICAL
CVE-2026-41063
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's `ParsedownSafeWithLink
5.4MEDIUM
CVE-2026-41062
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5
6.5MEDIUM
CVE-2026-41061
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration() regex at objects/video.php:918
5.4MEDIUM
CVE-2026-41060
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and below, the isSSRFSafeURL() function in `objects/functions.php
7.7HIGH
CVE-2026-41058
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump p
8.1HIGH
CVE-2026-41057
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit 986e64aad is
7.1HIGH
CVE-2026-41056
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and below, the allowOrigin($allowAll=true) function in `objects/f
8.1HIGH
CVE-2026-41055
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds
8.6HIGH
CVE-2026-40935
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/getCaptcha.php accepts the CAPTCHA length (`ql
5.3MEDIUM
CVE-2026-40929
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/commentDelete.json.php is a state-mutating JSO
5.4MEDIUM
CVE-2026-40928
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under objects/ accept s
5.4MEDIUM
CVE-2026-40926
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints, `objects/categoryAddNew
7.1HIGH
CVE-2026-40925
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php (also routed via
8.3HIGH
CVE-2026-40911
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-
10.0CRITICAL
CVE-2026-40909
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (locale/save.php) constructs
8.7HIGH
CVE-2026-40908
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes `git lo
5.3MEDIUM
CVE-2026-40907
<= 29.0
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/view/Live_restreams/list.json.
6.5MEDIUM
CVE-2026-39370
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows attacker-con
7.1HIGH
CVE-2026-39369
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an au
7.6HIGH
CVE-2026-39368
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Live restream log callback flow accepted an attacker
6.5MEDIUM
CVE-2026-39367
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses X
5.4MEDIUM
CVE-2026-39366
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php la
6.5MEDIUM
CVE-2026-35452
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint serves the
5.3MEDIUM
CVE-2026-35450
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the
5.3MEDIUM
CVE-2026-35449
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only
5.3MEDIUM
CVE-2026-35448
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns
3.7LOW
CVE-2026-35181
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUp
4.3MEDIUM
CVE-2026-35180
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize_setti
4.3MEDIUM
CVE-2026-35179
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagr
5.3MEDIUM
CVE-2026-34740
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the EPG (Electronic Program Guide) link feature in AVide
6.5MEDIUM
CVE-2026-34739
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the User_Location plugin's testIP.php page reflects the
6.1MEDIUM
CVE-2026-34738
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideSt
4.3MEDIUM
CVE-2026-34737
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug endpoint
6.5MEDIUM
CVE-2026-34733
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPriv
6.5MEDIUM
CVE-2026-34732
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does
5.3MEDIUM
CVE-2026-34731
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plug
7.5HIGH
CVE-2026-34716
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders inc
6.4MEDIUM
CVE-2026-34613
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/pluginSwitch.json.php allows
6.5MEDIUM
CVE-2026-34611
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo endpoint objects/emailAllUsers.json.php allow
6.5MEDIUM
CVE-2026-34396
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration valu
6.1MEDIUM
CVE-2026-34395
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/YPTWallet/view/users.json.php endpoint return
6.5MEDIUM
CVE-2026-34394
<= 26.0
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint (admin/save
8.1HIGH
CVE-2026-34375
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the YPTWallet Stripe payment confirmation page
8.2HIGH
CVE-2026-34374
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Live_schedule::keyExists() method constr
9.1CRITICAL
CVE-2026-34369
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the get_api_video_file and get_api_video A
5.3MEDIUM
CVE-2026-34368
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the transferBalance() method in `plugin/YPTW
5.3MEDIUM
CVE-2026-34364
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the categories.json.php endpoint, which serv
5.3MEDIUM
CVE-2026-34362
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the verifyTokenSocket() function in `plugin/
5.4MEDIUM
CVE-2026-34247
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/Live/uploadPoster.php endpoint al
5.4MEDIUM
CVE-2026-34245
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/PlayLists/View/Playlists_schedules
6.3MEDIUM
CVE-2026-33867
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo allows content owners to password-prote
7.5HIGH
CVE-2026-33770
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle() static method in `object
9.8CRITICAL
CVE-2026-33767
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, in objects/like.php, the getLike() method
8.8HIGH
CVE-2026-33766
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, isSSRFSafeURL() validates URLs against priva
6.5MEDIUM
CVE-2026-33764
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's save.json.php endpoint loads
4.3MEDIUM
CVE-2026-33763
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the get_api_video_password_is_correct API en
5.3MEDIUM
CVE-2026-33761
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, three list.json.php endpoints in the Schedul
5.3MEDIUM
CVE-2026-33759
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/playlistsVideos.json.php endpoin
5.3MEDIUM
CVE-2026-33723
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Subscribe::save() method in `objects/sub
7.1HIGH
CVE-2026-33719
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints `plugin/CDN/status.js
8.6HIGH
CVE-2026-33717
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the downloadVideoFromDownloadURL() function
8.8HIGH
CVE-2026-33716
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at
9.4CRITICAL
CVE-2026-33690
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getRealIpAddr() function in `objects/fun
5.3MEDIUM
CVE-2026-33688
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password recovery endpoint at `objects/use
5.3MEDIUM
CVE-2026-33685
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/AD_Server/reports.json.php endpoi
5.3MEDIUM
CVE-2026-33683
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a sanitization order-of-operations flaw in the
5.4MEDIUM
CVE-2026-33681
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php
7.2HIGH
CVE-2026-33651
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the remindMe.json.php endpoint passes `$_REQ
8.1HIGH
CVE-2026-33650
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission
7.6HIGH
CVE-2026-33649
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Permissions/setPermission.json.php
8.1HIGH
CVE-2026-33648
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the restreamer endpoint constructs a log file
8.8HIGH
CVE-2026-33647
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile() method validate
8.8HIGH
CVE-2026-33513
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint (`APIName=loca
8.6HIGH
CVE-2026-33512
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the API plugin exposes a decryptString actio
7.5HIGH
CVE-2026-33507
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginImport.json.php endpoint a
8.8HIGH
CVE-2026-33502
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery
9.3CRITICAL
CVE-2026-33501
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint `plugin/Permissions/View/Users_gr
5.3MEDIUM
CVE-2026-33500
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 (GHSA-rcqw-6466-3mv
5.4MEDIUM
CVE-2026-33499
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the view/forbiddenPage.php and `view/warning
6.1MEDIUM
CVE-2026-33493
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts
7.1HIGH
CVE-2026-33492
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo's _session_start() function accepts a
7.3HIGH
CVE-2026-33488
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys() function in the LoginContro
7.4HIGH
CVE-2026-33485
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP on_publish callback at `plugin/Live
7.5HIGH
CVE-2026-33483
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is
7.5HIGH
CVE-2026-33482
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the sanitizeFFmpegCommand() function in `plu
8.1HIGH
CVE-2026-33480
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the isSSRFSafeURL() function in AVideo can b
8.6HIGH
CVE-2026-33479
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpo
8.8HIGH
CVE-2026-33478
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite
10.0CRITICAL
CVE-2026-33354
<= 26.0
WWBN AVideo is an open source video platform. In versions up to and including 26.0, POST /objects/aVideoEncoder.json.php accepts
7.6HIGH
CVE-2026-33352
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in `obj
9.8CRITICAL
CVE-2026-33351
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery (SSRF) vulnerability exists in
9.1CRITICAL
CVE-2026-33297
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plug
9.1CRITICAL
CVE-2026-33319
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, the uploadVideoToLinkedIn() method in the SocialMediaPublis
5.9MEDIUM
CVE-2026-33296
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open redirect vulnerability in the lo
6.1MEDIUM
CVE-2026-33295
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerabil
5.4MEDIUM
CVE-2026-33294
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, the BulkEmbed plugin's save endpoint (`plugin/BulkEmbed/save.
5.0MEDIUM
CVE-2026-33293
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, the deleteDump parameter in `plugin/CloneSite/cloneServer.j
8.1HIGH
CVE-2026-33292
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint (view/hls.php) is vulnerable to
7.5HIGH
CVE-2026-33238
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, the listFiles.json.php endpoint accepts a path POST param
4.3MEDIUM
CVE-2026-33237
< 26.0
WWBN AVideo is an open source video platform. Prior to version 26.0, the Scheduler plugin's run() function in `plugin/Scheduler/
5.5MEDIUM
CVE-2026-33043
< 26.0
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/phpsessionid.json.php exposes the current PHP s
8.1HIGH
CVE-2026-33041
< 26.0
WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's
5.3MEDIUM
CVE-2026-33039
< 26.0
WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-s
8.6HIGH
CVE-2026-33038
< 26.0
WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application takeover throu
8.1HIGH
CVE-2026-33037
< 26.0
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml
8.1HIGH
CVE-2026-33035
< 26.0
WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that allows unaut
6.1MEDIUM
CVE-2026-33025
< 8.0
AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost() method of
8.8HIGH
CVE-2026-33024
< 8.0
AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability (CWE-918) in the pub
9.1CRITICAL
CVE-2026-30885
< 25.0
WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlist
5.3MEDIUM
CVE-2026-29058
< 7.0
AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands o
9.8CRITICAL
CVE-2026-29093
< 24.0
WWBN AVideo is an open source video platform. Prior to version 24.0, the official docker-compose.yml publishes the memcached servi
8.1HIGH
CVE-2026-28502
< 24.0
WWBN AVideo is an open source video platform. Prior to version 24.0, an authenticated Remote Code Execution (RCE) vulnerability wa
8.8HIGH
CVE-2026-28501
< 24.0
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVid
9.8CRITICAL
CVE-2026-27732
< 22.0
WWBN AVideo is an open source video platform. Prior to version 22.0, the aVideoEncoder.json.php API endpoint accepts a `download
8.1HIGH
CVE-2026-27568
< 21.0
WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (
6.1MEDIUM
CVE-2020-37173
all versions
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the p
7.5HIGH
CVE-2020-37172
all versions
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploitin
5.3MEDIUM
CVE-2020-37158
all versions
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploitin
5.3MEDIUM
CVE-2025-34442
< 20.0
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes ful
7.5HIGH
CVE-2025-34441
< 20.0
AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include
7.5HIGH
CVE-2025-34440
< 20.0
AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri para
6.1MEDIUM
CVE-2025-34439
< 20.0
AVideo versions prior to 20.1 are vulnerable to an open redirect flaw due to missing validation of the cancelUri parameter during
6.1MEDIUM
CVE-2025-34438
< 20.0
AVideo versions prior to 20.1 contain an insecure direct object reference vulnerability allowing users with upload permissions to
8.1HIGH
CVE-2025-34437
< 20.0
AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint
8.8HIGH
CVE-2025-34436
< 20.0
AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an ins
8.8HIGH
CVE-2025-34435
< 20.0
AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to
6.5MEDIUM
CVE-2025-34434
< 20.0
AVideo versions prior to 20.1 with the ImageGallery plugin enabled are vulnerable to unauthenticated file upload and deletion. Plug
9.1CRITICAL
CVE-2025-53084
all versions
A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev maste
9.0CRITICAL
CVE-2025-50128
all versions
A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and
9.6CRITICAL
CVE-2025-48732
all versions
An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTT
7.3HIGH
CVE-2025-46410
all versions
A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVi
9.6CRITICAL
CVE-2025-41420
all versions
A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev m
9.6CRITICAL
CVE-2025-36548
all versions
A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo
8.3HIGH
CVE-2025-25214
all versions
A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit
8.8HIGH
CVE-2024-34899
>= 10.4 and <= 12.4
WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).
5.4MEDIUM
CVE-2024-31819
>= 12.4 and <= 14.2
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter
9.8CRITICAL
CVE-2023-50172
all versions
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev
5.3MEDIUM
CVE-2023-49864
all versions
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo
6.5MEDIUM
CVE-2023-49863
all versions
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo
6.5MEDIUM
CVE-2023-49862
all versions
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo
6.5MEDIUM
CVE-2023-49810
all versions
A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 1
7.3HIGH
CVE-2023-49738
all versions
An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A
7.5HIGH
CVE-2023-49715
all versions
An unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master
4.3MEDIUM
CVE-2023-49599
all versions
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A s
9.8CRITICAL
CVE-2023-49589
all versions
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev ma
8.8HIGH
CVE-2023-48730
all versions
A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master c
8.5HIGH
CVE-2023-48728
all versions
A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev
9.6CRITICAL
CVE-2023-47862
all versions
A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957f
9.8CRITICAL
CVE-2023-47861
all versions
A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev maste
9.0CRITICAL
CVE-2023-47171
all versions
An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and
6.5MEDIUM
CVE-2023-32073
<= 12.4
WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/Clon
8.8HIGH
CVE-2023-30860
< 12.4
WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the
8.0HIGH
CVE-2023-30854
< 12.4
AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint
8.8HIGH
CVE-2023-25314
< 12.4
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive in
6.1MEDIUM
CVE-2023-25313
< 12.4
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code
9.8CRITICAL
CVE-2022-34652
all versions
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A speciall
8.8HIGH
CVE-2022-33149
all versions
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A speciall
8.8HIGH
CVE-2022-33148
all versions
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A speciall
8.8HIGH
CVE-2022-33147
all versions
A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A speciall
8.8HIGH
CVE-2022-32778
all versions
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The
7.5HIGH
CVE-2022-32777
all versions
An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The
7.5HIGH
CVE-2022-32772
all versions
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7
6.1MEDIUM
CVE-2022-32771
all versions
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7
6.1MEDIUM
CVE-2022-32770
all versions
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7
6.1MEDIUM
CVE-2022-32769
all versions
Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master c
5.0MEDIUM
CVE-2022-32768
all versions
Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master c
4.2MEDIUM
CVE-2022-32761
all versions
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master c
6.5MEDIUM
CVE-2022-32572
all versions
An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7
8.8HIGH
CVE-2022-32282
all versions
An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that
8.8HIGH
CVE-2022-30690
all versions
A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364
6.1MEDIUM
CVE-2022-30605
all versions
A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A
8.8HIGH
CVE-2022-30547
all versions
A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.
9.9CRITICAL
CVE-2022-30534
all versions
An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commi
8.8HIGH
CVE-2022-29468
all versions
A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted H
8.8HIGH
CVE-2022-28712
all versions
A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0
9.0CRITICAL
CVE-2022-28710
all versions
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.
6.5MEDIUM
CVE-2022-26842
all versions
A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev
9.6CRITICAL
CVE-2022-27463
<= 11.6
Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users
6.1MEDIUM
CVE-2022-27462
<= 11.6
Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptD
6.1MEDIUM
CVE-2021-21286
< 10.2
AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before vers
7.7HIGH
CVE-2020-23490
< 8.9
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit t
7.5HIGH
CVE-2020-23489
< 8.9
The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configu
8.8HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin