Wowza Vulnerabilities
Comprehensive security vulnerability database for Wowza products
2
0
1
4
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2016-20036 | 5.1 | An attacker can inject harmful scripts into the Wowza Streaming Engine's management interface, allowing them to execute malicious code in a user's browser session. This vulnerability requires the attacker to manipulate specific input parameters, potentially tricking users into clicking on a link or visiting a page that exploits the flaw. | wowzastreaming engine | Theoretical | 22 days agoMar 16, 2026 |
| CVE-2016-20035 | 6.9 | This vulnerability allows attackers to create new admin accounts with any credentials by tricking logged-in administrators into visiting a malicious website. The attacker needs the administrator to be logged in to the Wowza Streaming Engine while visiting the malicious site, which then submits unauthorized requests on their behalf. | wowzastreaming engine | Exploit Available | 22 days agoMar 16, 2026 |
About Wowza Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Wowza products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.