Please report security issues to developer@streamphp.com
Security: WWBN/AVideo
Security
.github/SECURITY.md
-
Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization in WWBN/AVideoGHSA-xr49-f4rh-qcjf published
Apr 27, 2026 by DanielnetoDotComHigh -
SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFSafeURL()GHSA-2hch-c97c-g99x published
Apr 27, 2026 by DanielnetoDotComHigh -
IDOR in PayPalYPT agreementCancel.json.php Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription AgreementsGHSA-958h-qp3x-q4gj published
Apr 27, 2026 by DanielnetoDotComModerate -
Unauthenticated CRLF/ICS Injection in Scheduler downloadICS.php Allows Calendar Event SpoofingGHSA-mwgh-92m2-wvhv published
Apr 27, 2026 by DanielnetoDotComModerate -
Unauthenticated User Enumeration in `objects/users.json.php` via `isCompany` Parameter Flips `$ignoreAdmin = true` and Defeats Admin-Only Listing GuardGHSA-6rvw-7p8v-mjfq published
Apr 27, 2026 by DanielnetoDotComModerate -
Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From AddressGHSA-5hgj-7gm9-cff5 published
Apr 27, 2026 by DanielnetoDotComModerate -
Blind SSRF in YPTWallet Donation Webhook via Missing isSSRFSafeURL() Check and CURLOPT_FOLLOWLOCATION Redirect BypassGHSA-wp38-whx3-xffh published
Apr 27, 2026 by DanielnetoDotComModerate -
CSRF in userSavePhoto.php Allows Cross-Origin Overwrite of Any Logged-in User's Profile Photo with Arbitrary BytesGHSA-jw8g-5j46-44rp published
Apr 25, 2026 by DanielnetoDotComModerate -
Reflected XSS in plugin/Meet/iframe.php via Unescaped `user`/`pass` Parameters Reflected into JavaScript String LiteralGHSA-mm5f-8q57-4fc4 published
Apr 25, 2026 by DanielnetoDotComModerate -
HTML Injection in notifySubscribers.json.php Enables Platform-Branded Phishing Emails to Channel SubscribersGHSA-g9cm-rxp7-6gv5 published
Apr 25, 2026 by DanielnetoDotComModerate
Learn more about advisories related to WWBN/AVideo in the GitHub Advisory Database