Lucene search
K

76 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in...

7.1CVSS6AI score0.00227EPSS
Exploits1References3
NVD
NVD
added 2026/06/19 9:17 p.m.9 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS0.00227EPSS
Exploits1References2
OSV
OSV
added 2026/06/19 9:17 p.m.10 views

DEBIAN-CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.9AI score0.00227EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/19 8:9 p.m.6 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS5.9AI score0.00227EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:53 p.m.8 views

CVE-2026-49337

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes decodercontext::readsliceNAL libde265/decctx.cc:481 to attach slice headers to a finished picture object that has no active image unit, resulting in...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/19 7:53 p.m.19 views

CVE-2026-49337

CVE-2026-49337 affects libde265 prior to 1.0.20. A crafted sequence of H.265 NAL units lets decoder_context::read_slice_NAL() attach slice headers to a finished picture object with no active image unit, causing attacker-controlled unbounded heap growth. The headers are retained until the picture ...

4.3CVSS5.8AI score0.00194EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 9:31 a.m.4 views

EUVD-2026-24700

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

9.8CVSS5.6AI score0.00578EPSS
Exploits0References5
CVE
CVE
added 2026/04/22 7:45 a.m.7 views

CVE-2026-6235

Vulnerability overview: The Sendmachine for WordPress plugin (WordPress) is affected by an authorization bypass in the manage_admin_requests path for all versions up to 1.0.20, enabling unauthenticated attackers to overwrite the SMTP configuration and potentially intercept all outbound emails (in...

9.8CVSS5.6AI score0.00578EPSS
Exploits0References4
NVD
NVD
added 2026/02/05 5:16 p.m.9 views

CVE-2020-37148

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...

5.1CVSS0.00251EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:14 p.m.5 views

CVE-2020-37148

P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser...

5.1CVSS5.6AI score0.00251EPSS
Exploits0References5Affected Software2
EUVD
EUVD
added 2026/02/05 4:13 p.m.5 views

EUVD-2020-31048

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

5.1CVSS5.2AI score0.0014EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.11 views

PT-2026-6588

Name of the Vulnerable Software and Affected Versions P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 Description P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 are affected by a stored cross-site scripting issue. Input provided to various GET/POST parameters is not adequately sanitized...

5.1CVSS5.4AI score0.00251EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.5 views

P5 FNIP-8x16A和P5 FNIP-4xSH 跨站请求伪造漏洞

The P5 FNIP-8x16A and P5 FNIP-4xSH are Ethernet relay controllers produced by the British company P5. Versions 1.0.20 of both devices contain a cross-site request forgery vulnerability. This vulnerability is due to a susceptibility to cross-site request forgery attacks, which may allow attackers ...

5.1CVSS5.8AI score0.0014EPSS
Exploits0References6
OSV
OSV
added 2026/01/06 1:16 a.m.4 views

AZL-73751 CVE-2025-15444 affecting package libsodium for versions less than 1.0.19-2

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...

9.8CVSS5.8AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/01/06 1:16 a.m.4 views

AZL-73755 CVE-2025-15444 affecting package libsodium for versions less than 1.0.18-7

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...

9.8CVSS5.8AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/06 12:22 a.m.3 views

CVE-2025-15444 Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium = 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://vulners.com/cve/CVE-2025-69277 . The libsodium...

6.5AI score0.00228EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/06 12:0 a.m.3 views

PT-2026-1359

Name of the Vulnerable Software and Affected Versions Crypt::Sodium::XS versions prior to 0.000042 libsodium versions 1.0.20 and earlier Description The Crypt::Sodium::XS module for Perl includes a vulnerable version of libsodium. libsodium versions up to and including 1.0.20 may improperly handl...

9.8CVSS6.4AI score0.00228EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2025/12/31 11:6 a.m.5 views

CVE-2025-69025

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Aethonic Poptics poptics allows Retrieve Embedded Sensitive Data.This issue affects Poptics: from n/a through = 1.0.20...

4.3CVSS5.9AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2025/12/30 10:47 a.m.8 views

CVE-2025-69025

CVE-2025-69025 describes Exposure of Sensitive System Information to an Unauthorized Control Sphere in Poptics (Branda/Popup Builder plugin family). Affected software: Poptics – AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent & WooCommerce Popups; vulnerable versions are up...

4.3CVSS5.9AI score0.00176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.6 views

PT-2025-53906

Name of the Vulnerable Software and Affected Versions Aethonic Poptics: AI-Powered Popup Builder for Lead Generation, Conversions, Exit-Intent, Email Opt-ins & WooCommerce Sales versions through 1.0.20 Description The software contains a flaw that allows retrieval of embedded sensitive data. This...

6.4AI score0.00176EPSS
Exploits0References3
Rows per page
Query Builder