VYPR

Avideo

by WWBN

Source repositories

CVEs (208)

  • CVE-2025-34436Dec 17, 2025
    risk 0.00cvss epss 0.00

    AVideo versions prior to 20.1 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks.

  • CVE-2025-34434Dec 17, 2025
    risk 0.00cvss epss 0.00

    AVideo versions prior to 20.1 with the ImageGallery plugin enabled is vulnerable to unauthenticated file upload and deletion. Plugin endpoints responsible for managing gallery images fail to enforce authentication checks and do not validate ownership, allowing unauthenticated…

  • CVE-2025-34439Dec 17, 2025
    risk 0.00cvss epss 0.00

    AVideo versions prior to 20.1 are vulnerable to an open redirect flaw due to missing validation of the cancelUri parameter during user login. An attacker can craft a link to redirect users to arbitrary external sites, enabling phishing attacks.

  • CVE-2025-34440Dec 17, 2025
    risk 0.00cvss epss 0.00

    AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.

  • CVE-2025-46410Jul 24, 2025
    risk 0.00cvss epss 0.01

    A cross-site scripting (xss) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to…

  • CVE-2025-53084Jul 24, 2025
    risk 0.00cvss epss 0.01

    A cross-site scripting (xss) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to…

  • CVE-2025-50128Jul 24, 2025
    risk 0.00cvss epss 0.01

    A cross-site scripting (xss) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a…

  • CVE-2025-36548Jul 24, 2025
    risk 0.00cvss epss 0.01

    A cross-site scripting (xss) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to…

  • CVE-2025-41420Jul 24, 2025
    risk 0.00cvss epss 0.01

    A cross-site scripting (xss) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to…

  • CVE-2025-25214Jul 24, 2025
    risk 0.00cvss epss 0.01

    A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.

  • CVE-2025-48732Jul 24, 2025
    risk 0.00cvss epss 0.01

    An incomplete blacklist exists in the .htaccess sample of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can request a .phar file to trigger this vulnerability.

  • CVE-2024-34899May 13, 2024
    risk 0.00cvss epss 0.00

    WWBN AVideo 12.4 is vulnerable to Cross Site Scripting (XSS).

  • CVE-2024-31819Apr 10, 2024
    risk 0.00cvss epss 0.16

    An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.

  • CVE-2023-47171Jan 10, 2024
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

  • CVE-2023-49864Jan 10, 2024
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the…

  • CVE-2023-49863Jan 10, 2024
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the…

  • CVE-2023-49862Jan 10, 2024
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the…

  • CVE-2023-49738Jan 10, 2024
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.

  • CVE-2023-48730Jan 10, 2024
    risk 0.00cvss epss 0.01

    A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to…

  • CVE-2023-47861Jan 10, 2024
    risk 0.00cvss epss 0.01

    A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to…