{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T18:44:19.337","vulnerabilities":[{"cve":{"id":"CVE-2026-29058","sourceIdentifier":"security-advisories@github.com","published":"2026-03-06T07:16:02.267","lastModified":"2026-03-10T19:14:24.553","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration (e.g., configuration secrets, internal keys, credentials), and service disruption. This issue has been patched in version 7.0."},{"lang":"es","value":"AVideo es un software de plataforma para compartir videos. Antes de la versión 7.0, un atacante no autenticado puede ejecutar comandos arbitrarios del sistema operativo en el servidor inyectando sustitución de comandos de shell en el parámetro GET base64Url. Esto puede llevar a un compromiso total del servidor, exfiltración de datos (por ejemplo, secretos de configuración, claves internas, credenciales) e interrupción del servicio. Este problema ha sido parcheado en la versión 7.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wwbn:avideo-encoder:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","matchCriteriaId":"E3524E39-DF7C-4A58-9A7C-E7932948818C"}]}]}],"references":[{"url":"https://github.com/WWBN/AVideo-Encoder/security/advisories/GHSA-9j26-99jh-v26q","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]}]}}]}