Google ADK-Python - Unauthenticated Builder Endpoint
Google Agent Development Kit (ADK) 1.7.0 through 1.28.1 and 2.0.0a1 through 2.0.0a2 on Python OSS, Cloud Run, and GKE contains a code injection and missing authentication vulnerability, letting unauthenticated remote attackers execute arbitrary code on the server; exploitation requires no authentication...
Mailpit < 1.28.3 - Server-Side Request Forgery
Mailpit = 1.28.0 contains a server-side request forgery vulnerability caused by insufficient validation of internal IP addresses in the /proxy endpoint, letting attackers make requests to internal network resources; exploitation requires crafted HTTP GET requests. id: CVE-2026-21859 info: name: Mailpit 1.28.3 -...
CVE-2026-4810
A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit ADK versions 1.7.0 and 2.0.0a1 through 1.28.1 and 2.0.0a2 on Python OSS, Cloud Run, and GKE allows an unauthenticated remote attacker to execute arbitrary code on the server hosting the ADK instance. This...
CLEANSTART-2026-UD61879 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, ghsa-9h8m-3fm2-qjrq, ghsa-jv3w-x3r3-g6rm applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.3-r0, 1.28.4-r0
Multiple security vulnerabilities affect the istio-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-IY77127 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, ghsa-9h8m-3fm2-qjrq, ghsa-jv3w-x3r3-g6rm applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.3-r0, 1.29.0-r0
Multiple security vulnerabilities affect the istio-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-NC32267 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61727, CVE-2025-61729, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186 applied in versions: 1.24.4-r0, 1.28.1-r0, 1.28.1-r1
Multiple security vulnerabilities affect the cloudnative-pg-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
[SECURITY] Fedora 44 Update: gstreamer1-plugins-good-1.28.1-1.fc44
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...
[SECURITY] Fedora 44 Update: gstreamer1-plugins-base-1.28.1-1.fc44
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...
[SECURITY] Fedora 44 Update: gstreamer1-rtsp-server-1.28.1-1.fc44
A GStreamer-based RTSP server library...
[SECURITY] Fedora 44 Update: gstreamer1-plugin-libav-1.28.1-1.fc44
GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the handling of coordinates due to insufficient validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can achieve arbitrary code execution by enticing a use...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the processing of stream headers within ASF files due to improper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer. An attacker can achieve arbitrary code...
Out-of-bounds Write
Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the processing of APS units due to insufficient validation of user-supplied data. An attacker can achieve arbitrary code execution by providing crafted input that triggers a write past the end of an allocated buff...
Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the RIFF parser when handling palette data in AVI files. An attacker can execute arbitrary code by convincing a user to open a specially crafted AVI file with an application linked against the affected...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the RTP QDM2 depayloader when handling X-QDM RTP payload elements. An attacker can achieve arbitrary code execution by supplying specially crafted data to the packetid element, resulting in a write past the...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow when parsing Huffman tables in JPEG files. An attacker can execute arbitrary code by supplying a specially crafted JPEG file. Remediation: Upgrade gstreamer to version 1.28.1 or higher. References: GitLab Comm...
Stack-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the H.266 video bitstream parser. An attacker can achieve process crash or arbitrary code execution by enticing a user to open specially crafted H.266 media content with an application that processes...
Linux Distros Unpatched Vulnerability : CVE-2026-3081
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary co...
Linux Distros Unpatched Vulnerability : CVE-2026-2920
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...
Linux Distros Unpatched Vulnerability : CVE-2026-2922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...