CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49583

A Denial of Service DoS vulnerability exists in the @angular/common package of the Angular framework. The formatDate function, which is also utilized by the standard Angular DatePipe, does not properly limit or validate the length of the format parameter. When parsing a maliciously crafted,...

PT-2026-49581

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

PT-2026-49167

A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file appmodulesmedicalportrestcontrollersPatientController.php of the component HTTP REST API. The manipulation of the argument ID results ...

PT-2026-49179

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

CVE-2025-55648

GPAC MP4Box v2.4 is affected by a heap buffer overflow in gf_opus_parse_packet_header (media_tools/av_parsers.c) that can cause a Denial of Service when a crafted MP4 file is processed. This is a DoS by exploiting a memory-protection flaw in the parser; CVSS notes a local attack with user interac...

CVE-2026-38065

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...

PT-2026-49557

Cross-realm IN PLACE sanitization leaves executable markup intact via realm-bound instanceof checks CWE: CWE-79 XSS — Improper Neutralization of Input During Web Page Generation via CWE-693 Protection Mechanism Failure — realm-bound instanceof checks fail-open on foreign-realm DOM nodes and CWE-5...

PT-2026-49558

IN PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM CWE: CWE-79 XSS — Improper Neutralization of Input During Web Page Generation via CWE-693 Protection Mechanism Failure — silent no-op when forceRemove is called on a parent-less node...

Linux Distros Unpatched Vulnerability : CVE-2026-11850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an...

CVE-2025-55650

GPAC MP4Box v2.4 is affected by a heap use-after-free in gf_node_get_tag (scenegraph/base_scenegraph.c) that enables Denial of Service via crafted MP4 files. Impact: availability DoS. Root cause: heap use-after-free. Affected component: GPAC MP4Box 2.4; vulnerability location: gf_node_get_tag in ...

CVE-2025-55652

GPAC MP4Box v2.4 is affected by a heap buffer overflow in gf_isom_vp_config_new (isomedia/avc_ext.c), enabling DoS via a crafted MP4 file. This is documented across multiple sources (CVE-2025-55652, EUVD-2025-210150, NVD, CVELIST, etc.). The vulnerability details specify the vulnerable function a...

PT-2026-49334

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst av1 parser parse tile list obu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a...

PT-2026-49278

A stack overflow in the gf opus read length function media tools/av parsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49296

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action ims on with apn via the ims apn parameter...

PT-2026-49276

A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49272

A heap buffer overflow in the gf cenc set pssh function isomedia/drm sample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49294

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action radio on with ia apn via the ia parameter...

PT-2026-49292

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action set volume via the volume parameter...

PT-2026-49271

A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...