Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

39 matches found

RedhatCVE
RedhatCVEadded 2026/04/07 11:1 p.m.2 views

CVE-2026-35203

ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

7.5CVSS5.9AI score0.00077EPSS
Exploits1References1
NVD
NVDadded 2026/04/06 8:16 p.m.1 views

CVE-2026-35203

ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

7.5CVSS0.00077EPSS
Exploits1References2
CVE
CVEadded 2026/04/06 7:54 p.m.4 views

CVE-2026-35203

ZLMediaKit's VP9 RTP payload parser (ext-codec/VP9Rtp.cpp) reads multiple fields from the RTP payload based on flag bits in the first byte without verifying enough data, allowing a crafted 1-byte VP9 payload (0xFF, all flags set) to read past the buffer end and trigger a heap-buffer-overflow. The...

7.5CVSS5.9AI score0.00077EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2026/04/06 7:54 p.m.12 views

CVE-2026-35203 ZLMediaKit VP9 RTP Parser Out-of-Bounds Read

ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

7.5CVSS0.00077EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/04/06 7:54 p.m.0 views

CVE-2026-35203

ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

7.5CVSS5.9AI score0.00077EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/04/06 7:54 p.m.1 views

CVE-2026-35203 ZLMediaKit VP9 RTP Parser Out-of-Bounds Read

ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

7.5CVSS5.9AI score0.00077EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/04/06 12:0 a.m.1 views

PT-2026-30725

ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

7.5CVSS5.9AI score0.00077EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/04/06 12:0 a.m.3 views

ZLMediaKit 缓冲区错误漏洞

ZLMediaKit is an open-source advanced streaming service framework based on C++ 11, developed by ZLMediaKit in China. ZLMediaKit has a buffer error vulnerability, which stems from the lack of buffer boundary validation in the VP9 RTP parser, potentially leading to a heap buffer overflow...

7.5CVSS6.2AI score0.00077EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2026/01/09 12:33 p.m.1 views

CVE-2023-31861

ZLMediaKit 4.0 is vulnerable to Directory Traversal...

7.5CVSS7AI score0.01253EPSS
Exploits1References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-36151

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01253EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.3 views

EUVD-2022-39887

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0028EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 10:9 a.m.3 views

CVE-2024-27488

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...

9.8CVSS7.2AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 11:19 p.m.1 views

CVE-2022-37237

An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327...

7.5CVSS7AI score0.0028EPSS
Exploits0References1
NVD
NVDadded 2024/04/08 6:15 a.m.11 views

CVE-2024-27488

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...

9.8CVSS6.8AI score0.00444EPSS
Exploits0References1
Cvelist
Cvelistadded 2024/04/08 12:0 a.m.16 views

CVE-2024-27488

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...

7.1AI score0.00444EPSS
Exploits0References1
CNNVD
CNNVDadded 2024/04/08 12:0 a.m.2 views

ZLMediaKit 安全漏洞

ZLMediaKit is an advanced C++ 11-based operational-grade streaming media service framework open-sourced by ZLMediaKit in China. A security vulnerability exists in ZLMediaKit versions 1.0 through 8.0, which stems from the presence of an incorrect access control vulnerability that allows a remote...

9.8CVSS6.7AI score0.00444EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/04/08 12:0 a.m.14 views

CVE-2024-27488

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...

7.2AI score0.00444EPSS
Exploits0References1
CVE
CVEadded 2024/04/08 12:0 a.m.52 views

CVE-2024-27488

ZLMediaKit versions 1.0–8.0 are affected by an Incorrect Access Control vulnerability that enables remote attackers to escalate privileges and obtain sensitive information. The issue stems from the application enabling the HTTP API interface by default and using a secret parameter for authenticat...

9.8CVSS7.1AI score0.00444EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2024/04/07 12:0 a.m.1 views

PT-2024-21918 · Unknown · Zlmediakit

Name of the Vulnerable Software and Affected Versions: ZLMediaKit versions 1.0 through 8.0 Description: The issue allows remote attackers to escalate privileges and obtain sensitive information due to an Incorrect Access Control vulnerability. The application system enables the http API interface...

9.8CVSS7.3AI score0.00444EPSS
Exploits0References5
OSV
OSVadded 2023/09/11 6:15 p.m.0 views

CVE-2023-39067

Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL...

6.1CVSS6.1AI score0.00126EPSS
Exploits0References2
Rows per page
Query Builder