3 matches found
EUVD-2026-17650
AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints...
CVE-2026-34732
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...
CVE-2026-34732
CVE-2026-34732 concerns WWBN AVideo. Red Hat, OSV, CVE listings confirm that versions up to 26.0 contain a missing authentication/authorization check in the CreatePlugin template’s list.json.php, unlike add.json.php and delete.json.php which require admin rights. This omission creates 21 unauthen...