Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:33 p.m.8 views

CVE-2026-45731

WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...

6.9CVSS5.8AI score0.00396EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/29 1:5 p.m.10 views

CVE-2026-45731 WWBN AVideo: Authenticated Arbitrary File Read in view/update.php

WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...

6.9CVSS6AI score0.00396EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 1:5 p.m.8 views

CVE-2026-45731

WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...

6.9CVSS6AI score0.00396EPSS
Exploits1References2Affected Software1
CNNVD
CNNVDadded 2026/05/29 12:0 a.m.8 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of the view/update.php script, which read $POSTupdateFile as a relative path under the...

6.9CVSS5.8AI score0.00396EPSS
Exploits1References1
OSV
OSVadded 2026/05/18 7:1 p.m.4 views

GHSA-3MJV-375J-6H92 AVideo: Authenticated Arbitrary File Read in view/update.php

Summary view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process — especially...

6.9CVSS6.1AI score0.00396EPSS
Exploits1References3
Snyk
Snykadded 2026/05/18 7:1 p.m.7 views

Directory Traversal

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Directory Traversal via the updateFile parameter in the view/update.php process. An attacker can access arbitrary files on the server by supplying crafted path...

6.9CVSS6.3AI score0.00396EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/05/18 12:0 a.m.10 views

PT-2026-43464

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description An issue exists in the 'view/update.php' endpoint where the updateFile parameter is processed as a relative path under the 'updatedb/' directory and passed to the PHP file function for line-by-line...

6.9CVSS6AI score0.00396EPSS
Exploits1References4
SUSE CVE
SUSE CVEadded 2023/02/15 5:29 a.m.4 views

SUSE CVE-2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree,...

7.5CVSS9.7AI score0.01441EPSS
Exploits0References2
Rows per page
Query Builder