76 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-49295
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in...
CVE-2026-49295
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...
DEBIAN-CVE-2026-49295
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...
CVE-2026-49295
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...
CVE-2026-49337
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...
CVE-2026-49337
CVE-2026-49337 affects libde265 prior to 1.0.20. A crafted sequence of H.265 NAL units lets decoder_context::read_slice_NAL() attach slice headers to a finished picture object with no active image unit, causing attacker-controlled unbounded heap growth. The headers are retained until the picture ...
EUVD-2026-24700
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
CVE-2026-6235
Vulnerability overview: The Sendmachine for WordPress plugin (WordPress) is affected by an authorization bypass in the manage_admin_requests path for all versions up to 1.0.20, enabling unauthenticated attackers to overwrite the SMTP configuration and potentially intercept all outbound emails (in...
CVE-2020-37148
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...
CVE-2020-37148
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...
EUVD-2020-31048
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...
PT-2026-6588
Name of the Vulnerable Software and Affected Versions P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 Description P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 are affected by a stored cross-site scripting issue. Input provided to various GET/POST parameters is not adequately sanitized...
P5 FNIP-8x16A和P5 FNIP-4xSH 跨站请求伪造漏洞
The P5 FNIP-8x16A and P5 FNIP-4xSH are Ethernet relay controllers produced by the British company P5. Versions 1.0.20 of both devices contain a cross-site request forgery vulnerability. This vulnerability is due to a susceptibility to cross-site request forgery attacks, which may allow attackers ...
AZL-73751 CVE-2025-15444 affecting package libsodium for versions less than 1.0.19-2
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...
AZL-73755 CVE-2025-15444 affecting package libsodium for versions less than 1.0.18-7
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...
CVE-2025-15444 Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...
PT-2026-1359
Name of the Vulnerable Software and Affected Versions Crypt::Sodium::XS versions prior to 0.000042 libsodium versions 1.0.20 and earlier Description The Crypt::Sodium::XS module for Perl includes a vulnerable version of libsodium. libsodium versions up to and including 1.0.20 may improperly handl...
CVE-2025-69025
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: from n/a through = 1.0.20...
CVE-2025-69025
CVE-2025-69025 describes Exposure of Sensitive System Information to an Unauthorized Control Sphere in Poptics (Branda/Popup Builder plugin family). Affected software: Poptics – AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent & WooCommerce Popups; vulnerable versions are up...
PT-2025-53906
Name of the Vulnerable Software and Affected Versions Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales versions through 1.0.20 Description The software contains a flaw that allows retrieval of embedded sensitive data. This...