4 matches found
CVE-2026-41064
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...
CVE-2026-42076
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...
CVE-2026-42076
CVE-2026-42076 affects Evolver, a GEP-powered self-evolving engine for AI agents. A command injection flaw exists in the _extractLLM() function prior to version 1.69.3: the code builds a curl command via string concatenation and passes it to execSync() without proper sanitization, enabling remote...
CVE-2026-41064
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...