CVE-2026-33483

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...

CVE-2026-33483

CVE-2026-33483 affects WWBN AVideo up to version 26.0. The endpoint aVideoEncoderChunk.json.php is unauthenticated, outside the framework, and writes POST data to permanent files in /tmp with no size limits or cleanup, enabling disk-space exhaustion and potential denial of service. Public documen...

CVE-2026-33483 AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...

Allocation of Resources Without Limits or Throttling

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the aVideoEncoderChunk.json.php endpoint. An attacker can exhaust server disk space by sending large or...