Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

WWBN — Vulnerabilities & Security Advisories 177

Browse all 177 CVE security advisories affecting WWBN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WWBN operates as a provider of web-based business solutions, primarily focusing on content management and e-commerce platforms that enable organizations to manage digital assets and online transactions. Historically, its software has been susceptible to a wide array of critical vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and outdated dependencies. These flaws have frequently allowed attackers to escalate privileges, execute arbitrary commands, or exfiltrate sensitive data. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) indicates persistent security challenges within the codebase, reflecting difficulties in maintaining rigorous patch management and secure coding practices over time. Consequently, organizations deploying WWBN solutions face significant risks if they do not implement robust network segmentation and timely updates to mitigate these known attack vectors.

Top products by WWBN: AVideo AVideo-Encoder
CVE IDTitleCVSSSeverityPublished
CVE-2026-33502 AVideo has Unauthenticated SSRF via plugin/Live/test.php — AVideoCWE-918 9.3 Critical2026-03-23
CVE-2026-33501 AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin — AVideoCWE-862 5.3 Medium2026-03-23
CVE-2026-33500 AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization — AVideoCWE-79 5.4 Medium2026-03-23
CVE-2026-33499 AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php — AVideoCWE-79 6.1 Medium2026-03-23
CVE-2026-33493 AVideo has a Path Traversal in import.json.php that Allows Private Video Theft and Arbitrary File Read/Deletion via fileURI Parameter — AVideoCWE-22 7.1 High2026-03-23
CVE-2026-33492 AVideo has Session Fixation via GET PHPSESSID Parameter With Disabled Login Session Regeneration — AVideoCWE-384 7.3 High2026-03-23
CVE-2026-33488 AVideo has a PGP 2FA Bypass via Cryptographically Broken 512-bit RSA Key Generation in LoginControl Plugin — AVideoCWE-326 7.4 High2026-03-23
CVE-2026-33485 AVideo has an Unauthenticated Blind SQL Injection in RTMP on_publish Callback via Stream Name Parameter — AVideoCWE-89 7.5 High2026-03-23
CVE-2026-33483 AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php — AVideoCWE-770 7.5 High2026-03-23
CVE-2026-33482 AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand() — AVideoCWE-78 8.1 High2026-03-23
CVE-2026-33480 AVideo has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in Unauthenticated LiveLinks Proxy — AVideoCWE-918 8.6 High2026-03-23
CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin — AVideoCWE-94 8.8 High2026-03-23
CVE-2026-33478 AVideo Multi-Chain Attack: Unauthenticated Remote Code Execution via Clone Key Disclosure, Database Dump, and Command Injection — AVideoCWE-78 10.0 Critical2026-03-23
CVE-2026-33354 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php` — AVideoCWE-73 7.6 High2026-03-23
CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) — AVideoCWE-89 9.8 Critical2026-03-23
CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass — AVideoCWE-918 9.1 Critical2026-03-23
CVE-2026-33297 AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php — AVideoCWE-639 9.1 -2026-03-23
CVE-2026-33296 AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php — AVideoCWE-601 6.1 -2026-03-22
CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php — AVideoCWE-79 5.4 -2026-03-22
CVE-2026-33294 AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources — AVideoCWE-918 5.0 Medium2026-03-22
CVE-2026-33293 AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter — AVideoCWE-22 8.1 High2026-03-22
CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command — AVideoCWE-78 5.9 Medium2026-03-22
CVE-2026-33292 AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos — AVideoCWE-22 7.5 High2026-03-22
CVE-2026-33238 AVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem Enumeration — AVideoCWE-22 4.3 Medium2026-03-20
CVE-2026-33237 AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation — AVideoCWE-918 5.5 Medium2026-03-20
CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS — AVideoCWE-942 8.1 High2026-03-20
CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php — AVideoCWE-200 5.3 Medium2026-03-20
CVE-2026-33039 AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy — AVideoCWE-918 8.6 High2026-03-20
CVE-2026-33038 AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments — AVideoCWE-306 8.1 High2026-03-20
CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path — AVideoCWE-1188 8.1 High2026-03-20

This page lists every published CVE security advisory associated with WWBN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.