Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-41064

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...

9.3CVSS5.5AI score0.00335EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 4:48 p.m.4 views

CVE-2026-42076

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...

9.8CVSS6.7AI score0.01305EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/04 4:48 p.m.29 views

CVE-2026-42076

CVE-2026-42076 affects Evolver, a GEP-powered self-evolving engine for AI agents. A command injection flaw exists in the _extractLLM() function prior to version 1.69.3: the code builds a curl command via string concatenation and passes it to execSync() without proper sanitization, enabling remote...

9.8CVSS6.7AI score0.01305EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:4 p.m.6 views

CVE-2026-41064

WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...

9.3CVSS5.7AI score0.00335EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder