Lucene search
K

6 matches found

NVD
NVD
added 2026/04/21 11:16 p.m.4 views

CVE-2026-41061

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...

5.4CVSS0.00173EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/06 7:6 p.m.7 views

EUVD-2026-19454

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customizesettingsnativeUpdate.json.php lacks CSRF token validation and writes uploaded logo files to disk before the ORM's domain-based security check executes. Combined with...

4.3CVSS5.8AI score0.00112EPSS
Exploits1References1
CVE
CVE
added 2026/03/22 5:0 p.m.19 views

CVE-2026-33295

CVE-2026-33295 affects WWBN/AVideo prior to version 26.0, where a stored XSS exists in the CDN plugin’s downloadButtons.php. The vulnerability arises because the video record field clean_title is interpolated directly into a JavaScript string literal without escaping, enabling an attacker who can...

8.2CVSS5.7AI score0.00216EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/03/20 6:16 a.m.20 views

CVE-2026-33038

WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application takeover through the install/checkConfiguration.php endpoint. install/checkConfiguration.php performs full application initialization: database setup, admin account creation, and...

8.1CVSS0.00489EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 5:50 a.m.14 views

CVE-2026-33041

CVE-2026-33041 affects WWBN AVideo. In versions 25.0 and earlier, the endpoint /objects/encryptPass.json.php exposes the site’s password hashing algorithm to unauthenticated users, allowing submission of a password to receive its hash and enabling offline cracking against leaked database hashes. ...

5.3CVSS6AI score0.00327EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/07/24 12:0 a.m.8 views

PT-2025-30672 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff Description: A race condition exists in the aVideoEncoder.json.php unzip functionality. A series of specially crafted HTTP requests can lead to arbitrary code execution. Recommendations...

8.8CVSS6.8AI score0.00974EPSS
Exploits1References7
Rows per page
Query Builder