CVE-2026-33492
The CVE-2026-33492 entries describe a session-fixation vulnerability in WWBN AVideo up to version 26.0 where _session_start() accepts an attacker-controlled PHPSESSID via GET parameter and sets it as the active session. A session regeneration bypass exists for certain blacklisted endpoints when r...