CVE-2026-40926 | WWBN AVideo up to 29.0 JSON Endpoint categoryAddNew.json.php canCreateCategory cross-site request forgery (GHSA-ffw8-fwxp-h64w)

Inserito da Angelo Barbosa | Apr 22, 2026 | CVE

A vulnerability was found in WWBN AVideo up to 29.0. It has been rated as problematic. This vulnerability affects the function Category::canCreateCategory of the file objects/categoryAddNew.json.php of the component JSON Endpoint. This manipulation causes cross-site request forgery.

This vulnerability appears as CVE-2026-40926. The attack may be initiated remotely. There is no available exploit.

To fix this issue, it is recommended to deploy a patch.

CVE-2026-40926 | WWBN AVideo up to 29.0 JSON Endpoint categoryAddNew.json.php canCreateCategory cross-site request forgery (GHSA-ffw8-fwxp-h64w)

Post correlati

CVE-2024-36422 | FlowiseAI Flowise up to 1.4.3 404 Page api/v1/chatflows/id cross site scripting (GHSL-2023-232)

CVE-2025-40669 | TCMAN GIM 11 POST Request Options.aspx?Command=2&Page=-1 authorization

CVE-2023-38655 | Intel AMT/Standard Manageability unknown vulnerability (intel-sa-00999)

CVE-2024-10122 | Topdata Inner Rep Plus WebServer 2.01 Operator Details Form /InnerRepPlus.html missing password field masking