Lucene search
K

293 matches found

EUVD
EUVD
added 2026/04/21 10:49 p.m.6 views

EUVD-2026-24539

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...

5.4CVSS5.4AI score0.00173EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:44 p.m.4 views

CVE-2026-41060

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isSSRFSafeURL function in objects/functions.php contains a same-domain shortcircuit lines 4290-4296 that allows any URL whose hostname matches webSiteRootURL to bypass all SSRF protections. Because the check compares on...

7.7CVSS5.9AI score0.003EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/21 10:43 p.m.5 views

EUVD-2026-24535

WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...

8.1CVSS5.9AI score0.00469EPSS
Exploits1References4
OSV
OSV
added 2026/04/21 8:17 p.m.3 views

DEBIAN-CVE-2026-40890

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...

7.5CVSS5.3AI score0.00346EPSS
Exploits1References1
NVD
NVD
added 2026/04/21 8:17 p.m.13 views

CVE-2026-40890

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...

7.5CVSS0.00346EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/04/21 7:51 p.m.4 views

CVE-2026-40890

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with...

7.5CVSS5.3AI score0.00346EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34216

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 29.1 Description An incomplete fix in the 'test.php' file allows for unsanitized input. While the wget path was secured using escapeshellarg, the file get contents and curl code paths remain unsanitized. Additionally,...

9.3CVSS5.3AI score0.00335EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.10 views

PT-2026-34223

Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev98 Description An issue exists where role and permission are cached in the session during login. The system continues to authorize requests using these cached values even after an administrator modifies the...

8.8CVSS7.8AI score0.00325EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.5 views

CVE-2026-40494

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

9.8CVSS5.8AI score0.00314EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/20 5:26 p.m.7 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload due to concatenating tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. An attacker can cause unintended files to be installed by supplying a specially crafted archi...

5CVSS5.3AI score0.00144EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/20 5:15 a.m.28 views

CVE-2026-6608 lm-sys fastchat Arena Side-by-Side View add_text control flow

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

6.9CVSS0.00308EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/18 1:42 a.m.4 views

CVE-2026-40494

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

9.8CVSS5.8AI score0.00314EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/18 1:42 a.m.5 views

EUVD-2026-23648

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

9.8CVSS5.8AI score0.00314EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 11:42 p.m.5 views

EUVD-2026-23607

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 842. The function reads the FormFlag byte via dtoh8odata, poffset without a prior bounds check. The standard ptpunpackDPD at lines...

5.2CVSS5.7AI score0.00198EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/17 11:27 p.m.28 views

CVE-2026-40336 libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884–885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...

2.4CVSS0.00181EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.10 views

PT-2026-33530

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description A memory leak exists in the ptp unpack Sony DPD function within camlibs/ptp2/ptp-pack.c. When processing a secondary enumeration list used in 2024+ Sony cameras, the function overwrites the...

5.2CVSS5.8AI score0.00198EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.9 views

PT-2026-33536

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description An out-of-bounds read exists in the PTP DPFF Enumeration case of the ptp unpack Sony DPD function within camlibs/ptp2/ptp-pack.c. The function reads a 2-byte enumeration count N via dtoh16odata,...

6.1CVSS5.8AI score0.00218EPSS
Exploits0References34
OSV
OSV
added 2026/04/13 11:16 p.m.5 views

UBUNTU-CVE-2026-39979

jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jvparsesized API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jvstringfmt, which reads until a NUL terminat...

8.2CVSS5.9AI score0.00559EPSS
Exploits1References6
CVE
CVE
added 2026/04/13 5:49 p.m.45 views

CVE-2026-32316

CVE-2026-32316 affects jq up to and including 1.8.1, where the functions jvp_string_append() and jvp_string_copy_replace_bad() lack string size bounds checks. Concatenating strings that exceed 2^31 bytes causes a 32-bit unsigned overflow in buffer allocation, producing a heap buffer overflow (CWE...

8.2CVSS6.1AI score0.00484EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32491

Name of the Vulnerable Software and Affected Versions jq versions prior to 1.8.2 Description An integer overflow occurs within the jvp string append and jvp string copy replace bad functions when concatenating strings with a combined length exceeding 2^31 bytes. This leads to a 32-bit unsigned...

8.5CVSS5.8AI score0.00559EPSS
Exploits4References44
Rows per page
Query Builder