CVE-2026-41058
WWBN AVideo (open source video platform) is affected in versions 29.0 and below by an incomplete fix for a path-traversal issue in the CloneSite deleteDump parameter. The vulnerability allows an attacker to cause unlink() of arbitrary files via GET parameter ../../ sequences due to missing path-t...