CVE-2026-40474 wger has Broken Access Control in the Global Gym Configuration Update Endpoint

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permissionrequired = 'config.changegymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an...

CVE-2026-40474 wger has Broken Access Control in the Global Gym Configuration Update Endpoint

wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permissionrequired = 'config.changegymconfig' but inherits WgerFormMixin instead of WgerPermissionMixin, so the permission is never enforced at runtime. Since GymConfig is an...

CVE-2026-40474

creationtimestamp| type| source ---|---|--- 2026-04-16 01:35:16+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-xppv-4jrx-qf8m 2026-04-17 23:20:20+00:00| published-proof-of-concept| Telegram/pKVsSWpOH4ztPjCePA6f2TZasDjFWE2MPBTfIhx3aN4UBbI...

MiracleLinux 8 : gstreamer1-plugins-bad-free-1.16.1-4.el8 (AXSA:2024-8316:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8316:04 advisory. gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474 gstreamer-plugins-bad:...

EUVD-2025-40474

Malicious code in bayu-sate88-sukiwir npm...

Amazon Linux 2 : gstreamer-plugins-bad-free (ALAS-2025-2972)

The version of gstreamer-plugins-bad-free installed on the remote host is prior to 0.10.23-42. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2972 advisory. Integer overflow leading to heap overwrite in MXF file handling with uncompressed video NOTE:...

MAL-2025-40474 Malicious code in yeti-orchid-izc173-project (npm)

The package yeti-orchid-izc173-project was found to contain malicious code...

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...

RLSA-2024:3060 Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

Rocky Linux 8 : gstreamer1-plugins-bad-free (RLSA-2024:3060)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3060 advisory. gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video CVE-2023-40474 gstreamer-plugins-bad:...

Oracle Linux 8 : gstreamer1-plugins-bad-free (ELSA-2024-3060)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3060 advisory. - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow - Patch CVE-2023-40476: Integer overflow in H.265 video parser Tenabl...

gstreamer1-plugins-bad-free security update

1.16.1-4.0.1 - Update origin URL Orabug: 36209826 1.16.1-4 - Patch CVE-2023-40474: Integer overflow - Patch CVE-2023-40475: Integer overflow - Patch CVE-2023-40476: Integer overflow in H.265 video parser - Resolves: RHEL-19500, RHEL-19504, RHEL-19507 1.16.1-3 - Bump to avoid conflict with z strea...

ALSA-2024:3060 Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

Rocky Linux 9 : gstreamer1-plugins-bad-free (RLSA-2024:2287)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2287 advisory. - GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code ...

RHEL 7 : gstreamer-plugins-bad (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio...

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...

Oracle Linux 9 : gstreamer1-plugins-bad-free (ELSA-2024-2287)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2287 advisory. - CVE-2023-40474: Integer overflow leading to heap overwrite in MXF - CVE-2023-40475: Integer overflow leading to heap overwrite in MXF - CVE-2023-4047...

DEBIAN-CVE-2023-40474

GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...

CVE-2023-40474

CVE-2023-40474 is a GStreamer MXF parsing vulnerability caused by an integer overflow when processing MXF files, leading to remote code execution in vulnerable GStreamer deployments. The issue stems from insufficient validation of user-supplied data, which allows the overflow to occur during buff...

ALSA-2024:2287 Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...