CVE-2026-40907 - WWBN AVideo has IDOR in Live Restreams list.json.php that Exposes Other Users' Stream Keys and OAuth Tokens
CVE ID :CVE-2026-40907 Published : April 21, 2026, 7:50 p.m. | 16 minutes ago Description :WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/view/Live_restreams/list.json.php` contains an Insecure Direct Object Reference (IDOR) vulnerability th
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Mantle proposes up to 30,000 ETH loan to address Aave bad debt from Kelp exploit
- [CYBER] Mantle proposes up to 30,000 ETH loan to address Aave bad debt from Kelp exploit - The Block
- [CYBER] CVE-2026-1952 - Denial of service via the undocumented subfunction in AS320T
- [CYBER] CVE-2026-1951 - No checking of the length of the buffer with the directory name in AS320T
- [CYBER] CVE-2026-1950 - No checking of the length of the buffer with the file name in AS320T
- [CYBER] Python Vulnerability Enables Out-of-Bounds Write on Windows