Vulnerabilidades em WWBN
187 resultadosCVE-2026-33501MEDIUMAVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions PluginEPSS 0.4%CVE-2026-33238MEDIUMAVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem EnumerationEPSS 0.4%CVE-2026-39369HIGHWWBN AVideo's GIF poster fetch bypasses traversal scrubbing and exposes local files through public media URLsEPSS 0.4%CVE-2026-33025HIGHAVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY ClauseEPSS 0.4%CVE-2026-33717HIGHAVideo Vulnerable to Remote Code Execution via Persistent PHP Temp File in Encoder downloadURL with Resolution Validation AbortEPSS 0.4%CVE-2026-33761MEDIUMAVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User MappingsEPSS 0.4%CVE-2026-41055HIGHAVideo has an incomplete fix for CVE-2026-33039 (SSRF)EPSS 0.4%CVE-2026-34732MEDIUMAVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 EndpointsEPSS 0.4%CVE-2026-34369MEDIUMAVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password VerificationEPSS 0.4%CVE-2026-35450MEDIUMWWBN AVideo has Unauthenticated FFmpeg Remote Server Status Disclosure via check.ffmpeg.json.phpEPSS 0.4%CVE-2026-35452MEDIUMWWBN AVideo has Unauthenticated Information Disclosure via Missing Auth on CloneSite client.log.phpEPSS 0.4%CVE-2026-33507HIGHAVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin UploadEPSS 0.4%CVE-2026-30885MEDIUMWWBN AVideo - Unauthenticated IDOR - Playlist Information DisclosureEPSS 0.4%CVE-2026-33719HIGHAVideo Vulnerable to Unauthenticated CDN Configuration Takeover via Empty Default Key Bypass and Mass-Assignment in status.json.phpEPSS 0.4%CVE-2026-43884HIGHWWBN AVideo: SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()EPSS 0.3%CVE-2026-33651HIGHAVideo has a Blind SQL Injection in Live Schedule Reminder via Unsanitized live_schedule_id in Scheduler_commands::getAllActiveOrToRepeat()EPSS 0.3%CVE-2026-33043HIGHAVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORSEPSS 0.3%CVE-2026-34374CRITICALAVideo has SQL Injection in Live_schedule::keyExists() via Unparameterized Stream KeyEPSS 0.3%CVE-2026-33297MEDIUMAVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.phpEPSS 0.3%CVE-2026-34733MEDIUMAVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI GuardEPSS 0.3%