Loading...
Loading...
Packagist54 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
vulnerable: 10.4 ... 29.0 (18 versions)
WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joinURL parameters into Scheduler::downloa…
vulnerable: 10.4 ... 29.0 (18 versions)
WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement parameter without verifying that the auth…
vulnerable: 10.4 ... 29.0 (18 versions)
WWBN AVideo is an open source video platform. In versions up to and including 29.0, two endpoints (plugin/AI/receiveAsync.json.php and objects/EpgParser.php) in AVideo call isSSRFSafeURL() to validate user-supplied URLs, then fetch them us…
vulnerable: 10.4 ... 29.0 (18 versions)
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints (e.g. users_list) without logging in. C…
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for wwbn/avideo CVEs against the assets you own.
Start Free Scan →