CVE-2026-43874 - WWBN AVideo: Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass
CVE ID: CVE-2026-43874
Published: May 11, 2026, 8:29 p.m.
Description: WWBN AVideo is an open source video platform. In versions up to and including 29.0, the server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink (from CVE-2026-40911) only strips the payload w
Original source: CVE Feed Latest