Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WWBN — Vulnerabilities & Security Advisories 164

Browse all 164 CVE security advisories affecting WWBN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WWBN operates as a provider of web-based business solutions, primarily focusing on content management and e-commerce platforms that enable organizations to manage digital assets and online transactions. Historically, its software has been susceptible to a wide array of critical vulnerabilities, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and SQL Injection, often stemming from insufficient input validation and outdated dependencies. These flaws have frequently allowed attackers to escalate privileges, execute arbitrary commands, or exfiltrate sensitive data. The high volume of recorded Common Vulnerabilities and Exposures (CVEs) indicates persistent security challenges within the codebase, reflecting difficulties in maintaining rigorous patch management and secure coding practices over time. Consequently, organizations deploying WWBN solutions face significant risks if they do not implement robust network segmentation and timely updates to mitigate these known attack vectors.

Top products by WWBN: AVideo AVideo-Encoder
CVE IDTitleCVSSSeverityPublished
CVE-2026-33354 AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php` — AVideoCWE-73 7.6 High2026-03-23
CVE-2026-33352 AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass) — AVideoCWE-89 9.8 Critical2026-03-23
CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass — AVideoCWE-918 9.1 Critical2026-03-23
CVE-2026-33297 AVideo has an IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php — AVideoCWE-639 9.1 -2026-03-23
CVE-2026-33296 AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php — AVideoCWE-601 6.1 -2026-03-22
CVE-2026-33295 AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php — AVideoCWE-79 5.4 -2026-03-22
CVE-2026-33294 AVideo has SSRF in BulkEmbed Thumbnail Fetch that Allows Reading Internal Network Resources — AVideoCWE-918 5.0 Medium2026-03-22
CVE-2026-33293 AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter — AVideoCWE-22 8.1 High2026-03-22
CVE-2026-33319 AVideo Vulnerable to OS Command Injection via Unescaped URL in LinkedIn Video Upload Shell Command — AVideoCWE-78 5.9 Medium2026-03-22
CVE-2026-33292 AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos — AVideoCWE-22 7.5 High2026-03-22
CVE-2026-33238 AVideo has a Path Traversal in listFiles.json.php that Enables Server Filesystem Enumeration — AVideoCWE-22 4.3 Medium2026-03-20
CVE-2026-33237 AVideo has SSRF in Scheduler Plugin via callbackURL Missing `isSSRFSafeURL()` Validation — AVideoCWE-918 5.5 Medium2026-03-20
CVE-2026-33043 AVideo affected by Session Hijacking via Unauthenticated Session ID Disclosure with Permissive CORS — AVideoCWE-942 8.1 High2026-03-20
CVE-2026-33041 AVideo has an Unauthenticated Password Hash Oracle via encryptPass.json.php — AVideoCWE-200 5.3 Medium2026-03-20
CVE-2026-33039 AVideo vulnerable to unauthenticated SSRF via HTTP redirect bypass in LiveLinks proxy — AVideoCWE-918 8.6 High2026-03-20
CVE-2026-33038 AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments — AVideoCWE-306 8.1 High2026-03-20
CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path — AVideoCWE-1188 8.1 High2026-03-20
CVE-2026-33035 Unauthenticated Reflected XSS via innerHTML in AVideo — AVideoCWE-79 6.1 -2026-03-20
CVE-2026-33025 AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause — AVideo-EncoderCWE-89 9.8 -2026-03-20
CVE-2026-33024 AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator — AVideo-EncoderCWE-918 9.8 -2026-03-20
CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure — AVideoCWE-306 5.3AIMediumAI2026-03-09
CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php — AVideo-EncoderCWE-78 9.8 Critical2026-03-06
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php — AVideoCWE-89 9.8 Critical2026-03-06
CVE-2026-28502 WWBN AVideo: Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction — AVideoCWE-434 7.2 -2026-03-06
CVE-2026-29093 WWBN AVideo: Unauthenticated PHP session store exposed to host network via published memcached port — AVideoCWE-287 8.1 High2026-03-06
CVE-2026-27732 AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php — AVideoCWE-918 8.1 -2026-02-24
CVE-2026-27568 AVideo has Stored Cross-Site Scripting via Markdown Comment Injection — AVideoCWE-79 9.0 -2026-02-24
CVE-2025-46410 WWBN AVideo 跨站脚本漏洞 — AVideoCWE-79 9.6 Critical2025-07-24
CVE-2025-53084 多款产品跨站脚本漏洞 — AVideoCWE-79 9.0 Critical2025-07-24
CVE-2025-50128 WWBN AVideo 跨站脚本漏洞 — AVideoCWE-79 9.6 Critical2025-07-24

This page lists every published CVE security advisory associated with WWBN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.