CVE-2026-1764

creationtimestamp| type| source ---|---|--- 2026-06-16 04:10:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moewkmggos2j...

CVE-2026-1764

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

Low: tracker-miners

Issue Overview: A flaw was found in GNOME localsearch MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial ...

Fedora: Security Advisory (FEDORA-2026-ba6641558a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

📄 tracker-extract 3.8.2 / tracker-miners 3.x Crash

Proof of concept exploit for tracker-extract version 3.8.2 and tracker-miners version 3.x that demonstrates a crash when parsing oversized or malformed frames from MP3/APEv2 tags...

openSUSE Security Advisory (SUSE-SU-2026:0780-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for tracker-miners

This update for tracker-miners fixes the following issues: CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files bsc1257606. CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files bsc1257607...

SUSE CVE-2026-1764

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

Linux Distros Unpatched Vulnerability : CVE-2026-1764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a...

CVE-2026-1764

Heap Buffer Overflow in GNOME localsearch MP3 Extractor...

EUVD-2026-1764

This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device...

CVE-2024-1764

Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...

CVE-2021-1764

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service...

CVE-2025-1764

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

CVE-2025-1764 LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

CVE-2025-1764

CVE-2025-1764 affects the WordPress plugin LoginPress (wp-login Custom Login Page Customizer) up to version 3.3.1. Root cause: missing/incorrect nonce validation in custom_plugin_set_option enables CSRF, allowing unauthenticated attackers to forge requests and update arbitrary site options, poten...

CVE-2025-1764 LoginPress <= 3.3.1 - Cross-Site Request Forgery to Arbitrary Options Update

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1764)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-1764

creationtimestamp| type| source ---|---|--- 2024-03-05 23:26:42+00:00| seen| https://t.me/ctinow/200814 2024-03-05 23:26:47+00:00| seen| https://t.me/ctinow/200819...

CVE-2024-1764

Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...