[MEDIUM] AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA

PKSA-p6p4-r212-wdgb CVE-2026-45610 GHSA-3mv2-vmwh-rwfx

Affected package: wwbn/avideo

Affected version: <=29.0

Reported by:
GitHub