wwbn/avideo Security Advisories for 21.0 (4)
-
[MEDIUM] AVideo has Unauthenticated IDOR - Playlist Information Disclosure
PKSA-prng-jvqx-4vkt CVE-2026-30885 GHSA-6w2r-cfpc-23r5
Affected version: <25.0
Reported by:
GitHub -
[HIGH] AVideo: Unauthenticated PHP session store exposed to host network via published memcached port
PKSA-876z-dgrg-zwqs CVE-2026-29093 GHSA-xxpw-32hf-q8v9
Affected version: <=21.0
Reported by:
GitHub -
[CRITICAL] AVideo has Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
PKSA-xtjn-tvnf-r8sj CVE-2026-28501 GHSA-pv87-r9qf-x56p
Affected version: <=21.0.0
Reported by:
GitHub -
[HIGH] AVideo has Authenticated Server-Side Request Forgery via downloadURL in aVideoEncoder.json.php
PKSA-mpqq-rw7h-r6qr CVE-2026-27732 GHSA-h39h-7cvg-q7j6
Affected version: <=21.0.0
Reported by:
GitHub