VIR Vulnerability Intelligence Relay

Package impact

php Packagist / WWBN/AVideo

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-46337 medium 5.5 9d ago AVideo: Unauthenticated Arbitrary Image Read via Path Traversal in `view/img/image404Raw.php` php
CVE-2026-45731 medium 5.5 10d ago AVideo: Authenticated Arbitrary File Read in view/update.php php
CVE-2026-45620 medium 5.5 10d ago AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration sibling that survives `d9cdc7024` php
CVE-2026-45619 medium 5.5 13d ago AVideo CVE-2026-43884 incomplete fix - six (or more) `isSSRFSafeURL()` call sites still discard the `$resolvedIP` out-param at master HEAD post-`603e7bf` php
CVE-2026-45610 medium 5.5 13d ago AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA php
CVE-2026-45580 medium 5.5 13d ago AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribute php