533 matches found
CVE-2026-40384
An improper validation of the search parameter of the commedia files API endpoint leads to a path traversal vulnerability...
PT-2026-43296
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: Improper validation of the search parameter in the "com media files" API endpoint allows for path traversal, a condition where an attacker can access files and...
CVE-2026-28956
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app...
CVE-2026-39869
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing an audio stream in a maliciously crafted media file...
CVE-2026-39869
CVE-2026-39869 is a memory-handling vulnerability in processing an audio stream from a maliciously crafted media file. The issue may cause application or process termination due to memory handling problems. Apple indicates fixes in macOS Sonoma 14.8.7, macOS Tahoe 26.5, macOS Sequoia 15.7.7, tvOS...
Important: Red Hat Security Advisory: nginx:1.24 security update
An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2026-6385
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...
MiracleLinux 9 : nginx:1.24 (AXSA:2026-433:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-433:01 advisory. nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647); NGINX: NGINX: Denial of Service or file modification...
CVE-2026-4057
The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for edit_posts capability...
[SECURITY] [DSA 6190-1] gst-plugins-bad1.0 security update
Debian Security Advisory DSA-6190-1, https://www.debian.org/security/, Moritz Muehlenhoff, April 01, 2026, https://www.debian.org/security/faq ...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : GStreamer Base Plugins vulnerability (USN-8130-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8130-1 advisory. It was discovered that GStreamer Base Plugins incorrectly handled certain AVI media files. A remote attacker could use this issue to cause...
CVE-2026-2920
A flaw was found in GStreamer. This heap-based buffer overflow vulnerability in the ASF Demuxer component allows a remote attacker to execute arbitrary code. The issue arises from insufficient validation of user-supplied data length when processing stream headers within ASF Advanced Systems Forma...
USN-8053-1: libvpx vulnerability
It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to improper handling of memory allocation in the libvpx. An attacker can execute arbitrary code or cause a crash by supplying specially crafted media files. Remediation A fix was pushed into the master...
WordPress Alchemist Ajax Upload plugin <= 1.1 - Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability
Missing Authorization to Unauthenticated Arbitrary Media File Deletion vulnerability discovered by ChamlaVic in WordPress Plugin Alchemist Ajax Upload versions <= 1.1...
CVE-2022-23999
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent...
CVE-2019-16248
The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image analogous to supported...
CVE-2025-14633 F70 Lead Document Download <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary Media File Download
The F70 Lead Document Download plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'filedownload' function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to download any file from the WordPre...
CVE-2025-34442
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...