CVE-2026-9567 GPAC MP4Box isom_intern.c MergeFragment null pointer dereference

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isomintern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the publ...

CVE-2026-9567

GPAC MP4Box (up to version 2.4.0) houses a vulnerability in isomedia/isom_intern.c: MergeFragment, where input handling can trigger a null pointer dereference. Exploitation is local, and a public PoC/exploit exists; this confirms practical risk under local access conditions. The patch is identifi...

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2026-4800 via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2026-4800 Source advisory: OSV:GHSA-R5FR-RJXR-66JC...

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2025-13465 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JS-LODASHAMD-15869622...

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2021-23337 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2021-23337, CVE-2026-4800 Source advisory: SNYK:JS-LODASHAMD-15869626...

OESA-2026-1215 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability was found in Open...

GPAC vorbis_to_intern function stack buffer overflow vulnerability

GPAC is an open source multimedia framework. GPAC suffers from a stack buffer overflow vulnerability that stems from the vorbistointern function failing to correctly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...

CVE-2025-70310

A heap overflow in the vorbistointern function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted .ogg file...

CVE-2025-70310

A heap overflow in the vorbistointern function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted .ogg file...

CVE-2025-70310

A heap overflow in the vorbistointern function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted .ogg file...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002037)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002037 advisory. Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service...

EUVD-2026-2746

A heap overflow in the vorbistointern function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted .ogg file...

CVE-2025-70310

A heap overflow in the vorbistointern function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted .ogg file...

GPAC 安全漏洞

GPAC is an open source multimedia framework. GPAC suffers from a stack buffer overflow vulnerability that stems from the vorbistointern function failing to correctly validate the length and size of the input data, which can be exploited by an attacker to cause a denial of service...

CVE-2025-70310

A heap overflow in the vorbistointern function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted .ogg file...

CVE-2026-0850

A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2026-0850

A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2026-0850 code-projects Intern Membership Management System delete_activity.php sql injection

A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to sql injection. The attack may be launched remotely. The exploit has been...

PT-2026-2040

Name of the Vulnerable Software and Affected Versions Intern Membership Management System version 1.0 Description A SQL injection issue exists in the Intern Membership Management System. The issue is located in the /admin/delete activity.php file, within an unknown function. Manipulating the...

Intern Membership Management System SQL注入漏洞

Intern Membership Management System is an intern membership management system. An SQL injection vulnerability exists in Intern Membership Management System version 1.0, which stems from an incorrect manipulation of the parameter activityid in the file /admin/deleteactivity.php, which could lead t...