Lucene search
K

422 matches found

NVD
NVD
added 2026/04/07 8:16 p.m.10 views

CVE-2026-39367

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

5.4CVSS0.00195EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 7:24 p.m.3 views

CVE-2026-39369 WWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLs

WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/... URLs, bypass traversal scrubbing, and expose server-local files through the GIF poster storag...

7.6CVSS5.8AI score0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 7:23 p.m.1 views

CVE-2026-39368 WWBN AVideo has a Live restream log callback flow enabling stored SSRF to internal services

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Live restream log callback flow accepted an attacker-controlled restreamerURL and later fetched that stored URL server-side, enabling stored SSRF for authenticated streamers. The vulnerable flow allowed a low-privilege...

6.5CVSS6AI score0.0021EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 7:23 p.m.23 views

CVE-2026-39368

WWBN AVideo (open-source video platform) variant CVE-2026-39368 affects version 26.0 and prior. The Live restream log callback feature accepts an attacker-controlled restreamerURL, which is fetched server-side, enabling stored SSRF. This allows a low-privilege user with streaming permission to st...

6.5CVSS6AI score0.0021EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:22 p.m.3 views

CVE-2026-39367

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

5.4CVSS5.8AI score0.00195EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/07 7:22 p.m.20 views

CVE-2026-39367 WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

5.4CVSS0.00195EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.12 views

WWBN AVideo 代码问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the Live re-stream log callback process accepting URLs controlled by attackers, which could lead to...

6.5CVSS5.9AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

WWBN AVideo 数据伪造问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a data manipulation vulnerability. This vulnerability stemmed from a lack of transaction deduplication in the PayPal IPN v1 handler, which could allow attackers to...

6.5CVSS5.7AI score0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-30986

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epg li...

5.4CVSS5.8AI score0.00195EPSS
Exploits0References5
NVD
NVD
added 2026/04/06 10:16 p.m.4 views

CVE-2026-35450

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FFmpeg management endpoints kill.ffmpeg.json.php,...

5.3CVSS0.0037EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 9:46 p.m.3 views

CVE-2026-35450 WWBN AVideo has Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FFmpeg management endpoints kill.ffmpeg.json.php,...

5.3CVSS5.9AI score0.0037EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:46 p.m.4 views

CVE-2026-35450

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FFmpeg management endpoints kill.ffmpeg.json.php,...

5.3CVSS5.9AI score0.0037EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/06 9:46 p.m.19 views

CVE-2026-35450 WWBN AVideo has Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint probes the FFmpeg remote server configuration and returns connectivity status without any authentication. All sibling FFmpeg management endpoints kill.ffmpeg.json.php,...

5.3CVSS0.0037EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 9:45 p.m.16 views

CVE-2026-35448 WWBN AVideo Provides Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...

3.7CVSS0.00318EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 7:9 p.m.17 views

CVE-2026-35181 WWBN AVideo Affected by CSRF on Player Skin Configuration via admin/playerUpdate.json.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

4.3CVSS0.00134EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 7:9 p.m.7 views

CVE-2026-35181

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is explicitly excluded from the ORM's domain-based security check via ignoreTableSecurityCheck, removing...

4.3CVSS5.9AI score0.00134EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

WWBN AVideo 信息泄露漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 26 contain an information leakage vulnerability. This vulnerability stems from the lack of authentication mechanisms, which may lead to information leaks...

5.3CVSS5.8AI score0.00367EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

WWBN AVideo 信息泄露漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 26 contain an information leakage vulnerability. This vulnerability arises from the disabling of access restrictions, which may lead to information leaks...

5.3CVSS5.8AI score0.00332EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities, which stemmed from lack of access control mechanisms, potentially allowing unauthorized queries to occur...

3.7CVSS5.8AI score0.00318EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.8 views

WWBN AVideo 跨站请求伪造漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the lack of CSRF token validation in the player skin configuration endpoint, which cou...

4.3CVSS5.7AI score0.00134EPSS
Exploits1References2
Rows per page
Query Builder