Lucene search

12 matches found

ATTACKERKB
added 2026/05/29 1:7 p.m., 10 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: preg_match('/^@/', $_REQUEST['term']) and hard-coded rowCount=10. This enables unauthenticated user enumeration...

CVSS 5.3, AI score 5.8, EPSS 0.00193
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2026/04/21 11:16 p.m., 8 views

CVE-2026-40928

WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under objects/ accept state-changing requests via $_REQUEST/$_GET and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malicious...

CVSS 5.4, EPSS 0.00115
Exploits: 1, References: 2
Circl
added 2026/04/13 1:40 p.m., 8 views

CVE-2026-40928

creationtimestamp | type | source
---|---|---
2026-04-13 13:40:24+00:00 | published-proof-of-concept | https://github.com/WWBN/AVideo/security/advisories/GHSA-x2pw-9c38-cp2j...

CVSS 5.4, AI score 5.8, EPSS 0.00115
Exploits: 1, References: 1
CNNVD
added 2026/04/06 12:0 a.m., 10 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the SocialMediaPublisher plugin exposing unvalidated proxy endpoints, which could lead to...

CVSS 5.3, AI score 5.9, EPSS 0.00215
Exploits: 1, References: 2
EUVD
added 2026/04/01 8:48 p.m., 11 views

EUVD-2026-17638

AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users...

CVSS 6.5, AI score 5.9, EPSS 0.00157
Exploits: 1, References: 3
RedhatCVE
added 2026/03/28 4:59 p.m., 5 views

CVE-2026-33767

WWBN AVideo is an open source video platform. In versions up to and including 26.0, in objects/like.php, the getLike method constructs a SQL query using a prepared statement placeholder ? for users_id but directly concatenates $this->videos_id into the query string without parameterization. An...

CVSS 8.8, AI score 6, EPSS 0.00509
Exploits: 1, References: 1
RedhatCVE
added 2026/03/26 3:8 p.m., 4 views

CVE-2026-33297

WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...

CVSS 9.1, AI score 5.8, EPSS 0.00342
Exploits: 1, References: 1
OSV
added 2026/03/23 6:49 p.m., 3 views

CVE-2026-33719 AVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured...

CVSS 8.6, AI score 5.8, EPSS 0.00356
Exploits: 1, References: 4
ATTACKERKB
added 2026/03/23 6:48 p.m., 2 views

CVE-2026-33717

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing...

CVSS 8.8, AI score 5.8, EPSS 0.00395
Exploits: 1, References: 3, Affected Software: 1
ATTACKERKB
added 2026/03/20 5:38 a.m., 7 views

CVE-2026-33039

WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL, but only checks the initial URL. When the initial URL responds with an HTTP redirect Location heade...

CVSS 8.6, AI score 5.8, EPSS 0.00453
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2026/03/06 12:0 a.m., 10 views

AVideo Operating System Command Injection Vulnerability

AVideo is an open-source broadcast network creation tool developed by the World Wide Broadcast Network. Prior to version 7.0 of AVideo, there was a vulnerability related to operating system command injection. This vulnerability allowed unauthenticated attackers to execute arbitrary operating syst...

CVSS 9.8, AI score 7.7, EPSS 0.02132
Exploits: 2, References: 1
Vulnrichment
added 2023/04/25 12:0 a.m., 7 views

CVE-2023-25313

OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature...

AI score 9.7, EPSS 0.01315
Exploits: 1, References: 1