CVE-2026-40929 | WWBN AVideo up to 29.0 JSON Endpoint commentDelete.json.php forbidIfIsUntrustedRequest cross-site request forgery (GHSA-8qm8-g55h-xmqr)

Inserito da Angelo Barbosa | Apr 22, 2026 | CVE

A vulnerability was found in WWBN AVideo up to 29.0. It has been declared as problematic. This affects the function forbidIfIsUntrustedRequest of the file objects/commentDelete.json.php of the component JSON Endpoint. The manipulation results in cross-site request forgery.

This vulnerability is reported as CVE-2026-40929. The attack can be launched remotely. No exploit exists.

A patch should be applied to remediate this issue.

CVE-2026-40929 | WWBN AVideo up to 29.0 JSON Endpoint commentDelete.json.php forbidIfIsUntrustedRequest cross-site request forgery (GHSA-8qm8-g55h-xmqr)

Post correlati

CVE-2024-23850 | Linux Kernel up to 6.7.1 fs/btrfs/disk-io.c btrfs_get_root_ref assertion

CVE-2023-6859 | Mozilla Thunderbird up to 120 TLS Socket use after free

CVE-2024-9370 | Google Chrome up to 129.0.6668.70 V8 Privilege Escalation

CVE-2019-20472 | One2Track 2019-12-08 empty password in configuration file