Lucene search

20315 matches found

EUVD
added 2026/06/26 2:53 p.m. | 4 views

EUVD-2026-39735

Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions...

CVSS 5.8 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1
Cvelist
added 2026/06/26 2:53 p.m. | 31 views

CVE-2026-57323 WordPress Flash & HTML5 Video plugin <= 2.11.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions...

CVSS 5.8 | EPSS 0.00228
Exploits: 0 | References: 1
CVE
added 2026/06/26 2:53 p.m. | 7 views

CVE-2026-57323

The CVE-2026-57323 entry concerns the WordPress Flash & HTML5 Video plugin (versions <= 2.11.0). Affected component: the Flash & HTML5 Video functionality within the WordPress plugin. Root cause: Unauthenticated Broken Access Control, enabling access to resources without authentication. Impact...

CVSS 5.8 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/26 7:34 a.m. | 5 views

CVE-2026-53138

A flaw was found in the Linux kernel's AMD display drm/amd/display driver. A malformed VBIOS image can cause unbounded processing loops, leading to an out-of-bounds read. This could result in information disclosure or a system crash...

AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 4
NVD
added 2026/06/26 2:16 a.m. | 10 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

CVSS 6.1 | EPSS 0.00224
Exploits: 0 | References: 1
Cvelist
added 2026/06/26 1:11 a.m. | 35 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

CVSS 4.7 | EPSS 0.00224
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/26 1:11 a.m. | 7 views

CVE-2026-50745

A missing sanitisation vulnerability exists with user input in the stats-video.php script. The way URLs to this script were constructed did not follow best practices, and the output of the Smarty custom helper function url was neither properly encoded nor sanitised, allowing user‑supplied input t...

CVSS 4.7 | AI score 5.8 | EPSS 0.00224
Exploits: 0 | References: 2
CVE
added 2026/06/26 12:0 a.m. | 8 views

CVE-2026-36907

Summary: CVE-2026-36907 is a stack overflow in the Bento4 toolkit (Apollo AXIOMATIC Bento4) within the AP4_StsdAtom component. Affected version(s): Bento4 before v1.8.9. Impact: Denial of Service (DoS) via a crafted MP4 file. Root cause: Stack overflow in AP4_StsdAtom when parsing MP4 metadata. R...

CVSS 5.5 | AI score 5.8 | EPSS 0.00125
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/26 12:0 a.m. | 10 views

PT-2026-52652

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: A missing sanitisation issue exists in the stats-video.php script. The construction of URLs to this script does not follow best practices, and the output of the...

CVSS 6.1 | AI score 5.7 | EPSS 0.00224
Exploits: 0 | References: 7
NVD
added 2026/06/25 8:17 p.m. | 7 views

CVE-2026-46601

The webp decoder can panic when processing a VP8 chunk with dimensions that do not match the canvas size...

CVSS 7.5 | EPSS 0.00339
Exploits: 0 | References: 3
NVD
added 2026/06/25 4:16 p.m. | 5 views

CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

CVSS 3.4 | EPSS 0.00167
Exploits: 0 | References: 1
AlpineLinux
added 2026/06/25 3:26 p.m. | 6 views

CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

CVSS 3.4 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 1
EUVD
added 2026/06/25 9:31 a.m. | 4 views

EUVD-2026-39343

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in bios_parser.c and bios_parser2.c use for(;;) and only terminate on a 0xFF record_type sentinel or zero record_size. A malformed VBIOS image...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 5
EUVD
added 2026/06/25 9:31 a.m. | 3 views

EUVD-2026-39341

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

AI score 5.7 | EPSS 0.00172
Exploits: 0 | References: 8
NVD
added 2026/06/25 9:16 a.m. | 5 views

CVE-2026-53138

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in bios_parser.c and bios_parser2.c use for(;;) and only terminate on a 0xFF record_type sentinel or zero record_size. A malformed VBIOS image...

EPSS 0.00168
Exploits: 0 | References: 4
NVD
added 2026/06/25 9:16 a.m. | 6 views

CVE-2026-53136

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

EPSS 0.00172
Exploits: 0 | References: 7
OSV
added 2026/06/25 9:16 a.m. | 2 views

UBUNTU-CVE-2026-53138

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in bios_parser.c and bios_parser2.c use for(;;) and only terminate on a 0xFF record_type sentinel or zero record_size. A malformed VBIOS image...

CVSS 5.1 | AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 7
CVE
added 2026/06/25 8:38 a.m. | 9 views

CVE-2026-53138

The CVE affects the Linux kernel’s drm/amd/display path. A malformed VBIOS image could cause unbounded iteration during probe due to for(;;) record-chain walks in bios_parser.c/bios_parser2.c, terminating only on a 0xFF sentinel or a zero record_size. In worst cases, this could loop hundreds of t...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 4
Cvelist
added 2026/06/25 8:38 a.m. | 28 views

CVE-2026-53136 drm/amd/display: Clamp VBIOS HDMI retimer register count to array size

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

EPSS 0.00172
Exploits: 0 | References: 7
CVE
added 2026/06/25 8:38 a.m. | 8 views

CVE-2026-53136

The CVE pertains to the Linux kernel driver drm/amd/display. A malformed VBIOS can set HdmiRegNum/Hdmi6GRegNum to values up to 255, used as loop bounds when copying retimer I2C settings into fixed-size arrays, causing an out-of-bounds heap write during driver probe. The fix clamps each register c...

AI score 5.7 | EPSS 0.00172
Exploits: 0 | References: 7