Wwbn/avideo

This hub aggregates every CVE we track for Wwbn/avideo, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Wwbn/avideo.

• CVE-2026-29058AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php9.8Mar 6, 2026
• CVE-2026-28501WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php9.8Mar 6, 2026
• CVE-2026-29093WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port8.1Mar 6, 2026
• CVE-2026-27732AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php8.1Feb 24, 2026
• CVE-2026-27568AVideo has Stored Cross-Site Scripting via Markdown Comment Injection6.1Feb 24, 2026
• CVE-2024-34899WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).5.4May 13, 2024
• CVE-2024-31819An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.9.8Apr 10, 2024
• CVE-2023-50172A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lea...5.3Jan 10, 2024
• CVE-2023-49810A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha byp...7.3Jan 10, 2024
• CVE-2023-49599An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege esca...9.8Jan 10, 2024
• CVE-2023-32073AVideo command injection vulnerability8.8May 12, 2023
• CVE-2023-30860WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account8.0May 8, 2023
• CVE-2023-30854WWBN AVideo vulnerable to OS Command Injection8.8Apr 28, 2023
• CVE-2023-25313OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature.9.8Apr 25, 2023
• CVE-2022-27463Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page.6.1Apr 5, 2022