CVE-2026-33025 AVideo-Encoder is Vulnerable to Authenticated SQL Injection via ORDER BY Clause

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a SQL Injection vulnerability in the getSqlFromPost method of Object.php. The $POST'sort' array keys are used directly as SQL column identifiers inside an ORDER BY clause. Although realescapestring was applied, it only escapes...

CVE-2026-33024 AVideo-Encoder has Unauthenticated Blind Server-Side Request Forgery via Public Thumbnail Generator

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability CWE-918 in the public thumbnail endpoints getImage.php and getImageMP4.php. Both endpoints accept a base64Url GET parameter, base64-decode it, and pass the resulting URL to ffmpeg as an...

PT-2026-26769

Summary The sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails to strip $ bash command substitution syntax. Since the sanitized command is...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.Server.Kestrel.Core is a core components of ASP.NET Core Kestrel cross-platform web server. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an incorrect exit condition in the HTTP/3 Encoder/Decoder strea...

AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`

Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

AVideo Encoder getImage.php Unauthenticated Command Injection

This module exploits an unauthenticated OS command injection vulnerability in AVideo Encoder's getImage.php endpoint CVE-2026-29058. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any sanitization or use of...

Microsoft .NET 安全漏洞

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States, dedicated to agile software development, rapid application development, platform independence, and network transparency. Versions of Microsoft .NET prior to 8.0 8.0.22 and .9.0 9.0.11 contained securit...

ImageMagick Buffer Overflow Vulnerability (CNVD-2026-16617)

ImageMagick is ImageMagick open source set of open source image processing software. Can read, convert or write images in a variety of formats. ImageMagick suffers from a buffer overflow vulnerability that originates beyond the end of the write stack buffer when a memory allocation failure occurs...

PT-2026-26491

Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

📄 AVideo getImage.php Unauthenticated Command Injection

This Metasploit module exploits an unauthenticated OS command injection vulnerability in the AVideo encoder getImage.php endpoint. This affects versions prior to 7.0. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any...

DeepStage: Learning Autonomous Defense Policies against Multi-Stage APT Campaigns

This paper presents DeepStage, a deep reinforcement learning DRL framework for adaptive, stage-aware defense against Advanced Persistent Threats APTs. The enterprise environment is modeled as a partially observable Markov decision process POMDP, where host provenance and network telemetry are fus...

OESA-2026-1606 libsndfile security update

Libsndfile is a C library for reading and writing files containing sampled sound such as MS Windows WAV and the Apple/SGI AIFF format through one standard library interface. Security Fixes: Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the...

OESA-2026-1605 libsndfile security update

Libsndfile is a C library for reading and writing files containing sampled sound such as MS Windows WAV and the Apple/SGI AIFF format through one standard library interface. Security Fixes: Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the...

OESA-2026-1604 libsndfile security update

Libsndfile is a C library for reading and writing files containing sampled sound such as MS Windows WAV and the Apple/SGI AIFF format through one standard library interface. Security Fixes: Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the...

OESA-2026-1603 libsndfile security update

Libsndfile is a C library for reading and writing files containing sampled sound such as MS Windows WAV and the Apple/SGI AIFF format through one standard library interface. Security Fixes: Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the...

DEBIAN-CVE-2026-29078

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

UBUNTU-CVE-2026-29078

Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx-bufferused -= size with a stale size = 3 causes an integer underflow that wraps to SIZEMAX. Afterwards, memcpy is called with ...

CVE-2026-29078

Lexbor CVE-2026-29078 affects the ISO-2022-JP encoder prior to version 2.7.0. The bug is caused by not resetting the temporary size variable between iterations, so ctx->buffer_used -= size with a stale size (3) underflows to SIZE_MAX. This underflow leads to memcpy called with a negative lengt...