CVE-2025-55650

GPAC MP4Box v2.4 is affected by a heap use-after-free in gf_node_get_tag (scenegraph/base_scenegraph.c) that enables Denial of Service via crafted MP4 files. Impact: availability DoS. Root cause: heap use-after-free. Affected component: GPAC MP4Box 2.4; vulnerability location: gf_node_get_tag in ...

PT-2026-49334

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst av1 parser parse tile list obu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a...

PT-2026-49296

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action ims on with apn via the ims apn parameter...

PT-2026-49276

A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49272

A heap buffer overflow in the gf cenc set pssh function isomedia/drm sample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49294

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action radio on with ia apn via the ia parameter...

PT-2026-49292

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action set volume via the volume parameter...

PT-2026-49271

A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49275

A NULL pointer dereference in the gf media map esd function media tools/isom tools.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49295

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action dial call via the dialNumber parameter...

PT-2026-49293

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action set rat mode via the ratMode parameter...

PT-2026-49269

A NULL pointer dereference in the gf isom copy sample info function isomedia/isom write.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

PT-2026-49302

Name of the Vulnerable Software and Affected Versions Vector versions prior to 0.55.0 Description The ClickHouse sink contains a SQL/identifier injection flaw. The software escaped the table identifier but interpolated the database value raw into the INSERT statement, allowing a crafted database...

PT-2026-49531

Name of the Vulnerable Software and Affected Versions Crypt::DSA versions prior to 1.21 Description The software reuses the nonce across signatures, which can lead to the recovery of the private key. The sign function in the Crypt::DSA::sign module caches the per-signature nonce material within t...

PT-2026-49534

Name of the Vulnerable Software and Affected Versions grpc versions 0.3.1 through 0.9.x Description Unauthenticated attackers can exhaust the BEAM memory and crash the server by streaming a large or slow-trickle unary request body. The function read full body/3 in...

PT-2026-49241

Zephyr's native TCP stack iterates the global connection list in net tcp foreach subsys/net/ip/tcp.c using the SYS SLIST FOR EACH CONTAINER SAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcp lock while invoking the per-connection callback and...

PT-2026-49536

Name of the Vulnerable Software and Affected Versions browserstack-cypress-cli versions prior to 1.36.4 Description The browserstack-cypress-cli allows users to run Cypress tests on BrowserStack. An OS command injection is possible through the cypress config file configuration parameter. In the...

PT-2026-49532

Name of the Vulnerable Software and Affected Versions elixir-grpc versions 0.8.0 through 0.9.x Description Authenticated attackers can access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. This occurs in...

CVE-2025-55647

An Out-of-Memory in the mp4muxcencinsertpssh function filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2026-39196

Datadog Vector v0.54.0 contains a SQL injection in the set_uri_query parameter of KeyPartitioner::partition. The vulnerability could allow an attacker to access sensitive database information via crafted SQL statements. Affected component: Vector’s data routing/partition logic (KeyPartitioner::pa...