CVE-2026-33507 | WWBN AVideo up to 26.0 ZIP File Parser pluginImport.json.php cross-site request forgery (GHSA-hv36-p4w4-6vmj)

Inserito da Angelo Barbosa | Mar 23, 2026 | CVE

A vulnerability classified as problematic was found in WWBN AVideo up to 26.0. This impacts an unknown function of the file objects/pluginImport.json.php of the component ZIP File Parser. The manipulation results in cross-site request forgery.

This vulnerability was named CVE-2026-33507. The attack may be performed from remote. There is no available exploit.

It is advisable to implement a patch to correct this issue.

CVE-2026-33507 | WWBN AVideo up to 26.0 ZIP File Parser pluginImport.json.php cross-site request forgery (GHSA-hv36-p4w4-6vmj)

Post correlati

CVE-2024-22239 | VMware Aria Operations for Networks prior 6.12 Console Local Privilege Escalation (VMSA-2024-0002)

CVE-2023-6574 | Beijing Baichuo Smart S20 up to 20231120 HTTP POST Request /sysmanage/updateos.php 1_file_upload unrestricted upload

CVE-2024-25420 | Ignite Realtime Openfire up to 4.9.0 System Property admin.authorizedJIDs improper authorization

CVE-2025-7195 | Red Hat Operator-SDK up to 0.15.1 default permission