Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
WWBN AVideo is an open source video platform. In versions up to and including 26.0, a user with the "Videos Moderator" permission can escalate privileges to perform full video management operations —
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's statu
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize_settings_nativeUpdate.json.php lacks CSRF token validation and writes uploa
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint `plugin/Permissions/View/Users_groups_permissions/list.json.php` lacks any authentication or authorizat
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo on_publish_done.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. T
CVE-2026-28502
CRITICAL CVSS 9.3
Find Similar
WWBN AVideo is an open source video platform. Prior to version 24.0, an authenticated Remote Code Execution (RCE) vulnerability was identified in AVideo related to the plugin upload/import functionali
WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php allowed an authenticated uploader to fetch attacker-controlled same-origin /videos/
WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private use
WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The `clean_title`
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/PlayLists/View/Playlists_schedules/add.json.php` endpoint allows any authenticated user with streaming p
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pluginImport.json.php` endpoint allows admin users to upload and install plugin ZIP files containing ex
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `aVideoEncoderChunk.json.php` endpoint is a completely standalone PHP script with no authentication, no framewor
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the AI plugin's `save.json.php` endpoint loads AI response objects using an attacker-controlled `$_REQUEST['id']` pa
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die() statement. The scrip
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/Permissions/setPermission.json.php` endpoint accepts GET parameters for a state-changing operation that
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admin/playerUpdate.json.php does not validate CSRF tokens. The plugins table is expl
WWBN AVideo is an open source video platform. Prior to version 26.0, the `uploadVideoToLinkedIn()` method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upl
CVE-2026-33716
CRITICAL CVSS 9.4
Find Similar
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the standalone live stream control endpoint at `plugin/Live/standAloneFiles/control.json.php` accepts a user-supplie
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `downloadVideoFromDownloadURL()` function in `objects/aVideoEncoder.json.php` saves remote content to a web-acce
Page 1+ Next →