Wwbn Avideo
183 CVEs affecting Wwbn Avideo. Latest disclosed: 2026-05-29. Critical: 26, High: 65.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40911 | Critical | 10.0 | 2026-04-21 | WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies… |
CVE-2026-33478 | Critical | 10.0 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to all… |
CVE-2022-32572 | Critical | 9.9 | 2022-08-22 | An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HT… |
CVE-2022-30547 | Critical | 9.9 | 2022-08-22 | A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP req… |
CVE-2022-30534 | Critical | 9.9 | 2022-08-22 | An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-craft… |
CVE-2026-33352 | Critical | 9.8 | 2026-03-23 | WWBN AVideo is an open source video platform. Prior to version 26.0, an unauthenticated SQL injection vulnerability exists in `objects/category.php` in the `ge… |
CVE-2026-28501 | Critical | 9.8 | 2026-03-06 | WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos… |
CVE-2023-47862 | Critical | 9.8 | 2024-01-10 | A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP r… |
CVE-2023-49599 | Critical | 9.8 | 2024-01-10 | An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HT… |
CVE-2025-46410 | Critical | 9.6 | 2025-07-24 | A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commi… |
CVE-2025-50128 | Critical | 9.6 | 2025-07-24 | A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff… |
CVE-2025-41420 | Critical | 9.6 | 2025-07-24 | A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A spec… |
CVE-2023-48728 | Critical | 9.6 | 2024-01-10 | A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A spe… |
CVE-2022-32772 | Critical | 9.6 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HT… |
CVE-2022-32771 | Critical | 9.6 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HT… |
CVE-2022-32770 | Critical | 9.6 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HT… |
CVE-2022-30690 | Critical | 9.6 | 2022-08-22 | A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP re… |
CVE-2022-26842 | Critical | 9.6 | 2022-08-22 | A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A spe… |
CVE-2026-33716 | Critical | 9.4 | 2026-03-23 | WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at `plugin/Live/standAloneFiles… |
CVE-2026-41064 | Critical | 9.3 | 2026-04-21 | WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's `test.php` adds `escapeshellarg` for wget bu… |