Lucene search
K

998 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-40743

Insufficient validation of untrusted input in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted video file. Chromium security severity: Low...

5.8AI score0.00161EPSS
Exploits0References3
EUVD
EUVD
added yesterday3 views

EUVD-2026-40544

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday18 views

CVE-2026-36912

A NULL pointer dereference in the AP4AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

Exploits0References2
CVE
CVE
added yesterday3 views

CVE-2026-36909

The CVE-2026-36909 affects MPC-BE (Aleksoid1978 MPC-BE) with a NULL pointer dereference in AP4_TkhdAtom::GetTrackId(), allowing DoS via a crafted MP4 file. Affected entity is MPC-BE before commit 4341cb3. Root cause: NULL pointer dereference in track ID retrieval. Impact: Denial of Service when p...

5.8AI score
Exploits0References2
Cvelist
Cvelist
added yesterday20 views

CVE-2026-36911

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

Exploits0References1
OSV
OSV
added 2 days ago2 views

DEBIAN-CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

6.5CVSS0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago19 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

0.00244EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2 days ago3 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00244EPSS
Exploits0
CVE
CVE
added 2 days ago7 views

CVE-2026-13858

CVE-2026-13858 involves an out-of-bounds read in FFmpeg when used by Google Chrome prior to version 150.0.7871.47. The vulnerability could allow a remote attacker to read process memory via a crafted video file, with the impact described as high confidentiality risk and no changes to integrity/av...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago7 views

CVE-2026-36907

Summary: CVE-2026-36907 is a stack overflow in the Bento4 toolkit (Apollo AXIOMATIC Bento4) within the AP4_StsdAtom component. Affected version(s): Bento4 before v1.8.9. Impact: Denial of Service (DoS) via a crafted MP4 file. Root cause: Stack overflow in AP4_StsdAtom when parsing MP4 metadata. R...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/23 7:53 p.m.6 views

CVE-2026-12892

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...

4.4CVSS5.8AI score0.00124EPSS
Exploits0
EUVD
EUVD
added 2026/06/23 7:53 p.m.7 views

EUVD-2026-38607

A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds read can occur during parsing. This happens when the parser attempts to check slice boundary...

4.4CVSS5.8AI score0.00124EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 6:31 p.m.6 views

EUVD-2025-210311

GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gfisomaddtrackkind function at isomedia/isomwrite.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

6.5CVSS5.9AI score0.00352EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/23 4:21 p.m.46 views

CVE-2026-55447 Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.2, by controlling a files that are digested into the RAG, an attacker can direct the node to read any file on the file-system by absolute path. All components based on BaseFileComponent are vulnerable to t...

9.6CVSS0.00411EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 4:21 p.m.16 views

CVE-2026-55447

Langflow’s BaseFileComponent family (including Read File, DoclingInlineComponent, DoclingServe, DoclingRemoteComponent, NvidiaIngestComponent, VideoFileComponent, UnstructuredComponent) is affected by CVE-2026-55447. The underlying issue is in base_file.py: _unpack_bundle TAR extraction does not ...

9.6CVSS5.9AI score0.00411EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-12706

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decodemove function initializes a read pointer into a decompressed buffer, but a...

6.5CVSS5.9AI score0.00245EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the ffhevcputhevcepelpixels8sse function in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a crafted video file...

6.5CVSS6.6AI score0.00825EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Chromium

The use of after-free in Storage in Google Chrome before version 141.0.7390.65 allowed a remote attacker to execute arbitrary code through a crafted video file. Chromium security severity: High...

8.8CVSS8.3AI score0.00283EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the putepel16fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted video file...

6.5CVSS6.6AI score0.00844EPSS
Exploits1References2
Rows per page
Query Builder