CVE-2026-41416

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

CVE-2026-41415

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an out-of-bounds read when parsing a malformed Content-ID URI in SIP multipart message body. Insufficient length validation can cause reads beyond the intended buffer bounds. This...

PT-2026-28789

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms image proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the sche...

CVE-2019-25624 Liquid Studio 2.17 Denial of Service via Malformed Input

Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters during application runtime, causing the...

CVE-2019-25621 Pixel Studio 2.17 Denial of Service via Malformed Input

Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the keyboard interface. Attackers can trigger the vulnerability by entering arbitrary characters, causing the application to become unresponsive o...

Pixarra Liquid Studio 安全漏洞

Pixarra Liquid Studio is a digital art creation software developed by the American company Pixarra. It focuses on creating works in the “organic block-style” style, suitable for concept art, illustrations, textures, backgrounds, and the rendering of natural forms. Version 2.17 of Pixarra Liquid...

PT-2026-27131

Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of repeated characters and trigger the application to read it, causin...

PT-2026-26903

Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into the New Width or New Height field to trigger a buffer...

CVE-2026-33069

PJSIP (C library for SIP media) versions 2.16 and earlier are affected by a cascading out-of-bounds heap read in pjsip_multipart_parse. After matching a boundary, curptr is advanced past the delimiter without checking for buffer end, allowing reading 1–2 bytes of adjacent heap memory. This impact...

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

UBUNTU-CVE-2026-32942

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a heap use-after-free vulnerability in the ICE session that occurs when there are race conditions between session destruction and the callbacks. This issue has been fixed in version 2.17...

CVE-2026-32945

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

CVE-2026-32945 PJSIP is vulnerable to Heap-based Buffer Overflow through DNS parser

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

CVE-2026-32945

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS parser's name length handler. Thisimpacts applications using PJSIP's built-in DNS resolver, such as those configured with...

PT-2026-26586

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsip multipart parse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

CVE-2026-28799

CVE-2026-28799 affects the PJSIP multimedia library (up to version 2.16). A heap use-after-free flaw exists in PJSIP’s event subscription framework (evsub.c) and is triggered during presence unsubscription with SubSCRIBE and Expires=0. The issue can impact availability (high impact) with negligib...

CVE-2026-28065 WordPress Eject theme <= 2.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Eject eject allows PHP Local File Inclusion.This issue affects Eject: from n/a through = 2.17...

CVE-2026-28049 WordPress Police Department theme <= 2.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX Police Department police-department allows PHP Local File Inclusion.This issue affects Police Department: from n/a through = 2.17...

CVE-2026-28049

CVE-2026-28049 is a Local File Inclusion vulnerability in ThemeREX Police Department police-department WordPress theme (≤2.17). Improper control of the Include/Require filename enables reading local files. CVSS 3.1 base score 8.1 (High); attack vector NETWORK, no user interaction. Affected produc...