wwbn/avideo Security Advisories for 14.3 (6)
- [MEDIUM] AVideo has Unauthenticated IDOR - Playlist Information Disclosure
PKSA-prng-jvqx-4vkt CVE-2026-30885 GHSA-6w2r-cfpc-23r5
Affected version: <25.0
Reported by: GitHub
- [HIGH] AVideo: Unauthenticated PHP session store exposed to host network via published memcached port
PKSA-876z-dgrg-zwqs CVE-2026-29093 GHSA-xxpw-32hf-q8v9
Affected version: <=21.0
Reported by: GitHub
- [CRITICAL] AVideo has Authenticated Remote Code Execution via Unsafe Plugin ZIP Extraction
PKSA-p5zb-45dv-s5gy CVE-2026-28502 GHSA-v8jw-8w5p-23g3
Affected version: <21.0
Reported by: GitHub
- [CRITICAL] AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
PKSA-xtjn-tvnf-r8sj CVE-2026-28501 GHSA-pv87-r9qf-x56p
Affected version: <=21.0.0
Reported by: GitHub
- [HIGH] AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php
PKSA-mpqq-rw7h-r6qr CVE-2026-27732 GHSA-h39h-7cvg-q7j6
Affected version: <=21.0.0
Reported by: GitHub
- [MEDIUM] AVideo has Stored Cross-Site Scripting via Markdown Comment Injection
PKSA-zj1v-1r3y-vnpg CVE-2026-27568 GHSA-rcqw-6466-3mv7
Affected version: <21.0
Reported by: GitHub