CVE-2026-45620
EUVD-2026-3330729.05.2026, 14:16
WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck() or admin gate. It only has an entry guard: preg_match('/^@/', $_REQUEST['term']) and hard-coded rowCount=10. This enables unauthenticated user enumeration.EnginsightAffected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| wwbn | avideo | 𝑥 ≤ 29.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration