PT-2026-49527

Name of the Vulnerable Software and Affected Versions Socket versions prior to 2.041 Description An out-of-bounds heap read exists in the pack ip mreq source function. The issue occurs because the function validates the length of the source argument using the byte length of the preceding multiadd...

CVE-2025-55647

The CVE-2025-55647 entry concerns GPAC MP4Box v2.4. The vulnerability is an Out-of-Memory in mp4_mux_cenc_insert_pssh (filters/mux_isom.c) that allows a crafted MP4 file to cause a Denial of Service. Affected component is the mp4_mux_cenc_insert_pssh function; the root cause is memory exhaustion ...

📄 FreeType SHZ 2.14.3 Heap Buffer Overflow

This Python proof of concept framework is designed for security research into a reported heap buffer overflow condition affecting the FreeType TrueType bytecode interpreter. The code constructs specially crafted font structures intended to exercise the SHZ instruction path, generates malformed...

PT-2026-49341

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A flaw exists in the WavPack audio decoder within gst-plugins-good. An integer overflow occurs during the buffer size calculation 4 block samples channels inside the gst wavpack dec handle...

PT-2026-49291

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action unlock sim via the pin parameter...

PT-2026-49280

A segmentation violation in the Track SetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55663

GPAC MP4Box v2.4 is affected by a vulnerability in Track_SetStreamDescriptor (isomedia/track.c) where a malformed MP4 file can trigger a segmentation fault, leading to Denial of Service. The issue is caused by a segmentation violation inside Track_SetStreamDescriptor, enabling DoS via crafted inp...

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVE-2026-38065

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionimsonwithapn via the imsapn parameter...

CVE-2026-38061

CVE-2026-38061 affects Tenda 5G03 with firmware V05.03.02.04 (Version 1.0). It is a command-injection vulnerability in the function action_set_volume through the volume parameter. The CVSSv3.1 metrics indicate a remote, unauthenticated exploit with high impact to confidentiality, integrity, and a...

CVE-2026-38065

The vulnerability CVE-2026-38065 affects Tenda 5G03 devices running firmware V05.03.02.04 (Version 1.0) . A command injection exists in the function action_ims_on_with_apn via the ims_apn parameter. This is supported by multiple connected sources (NVD, ENISA EUVD, CVE listings) confirming the sam...

CVE-2026-38064

Affected product: Tenda 5G03 V05.03.02.04 (Version 1.0). Vulnerability: command injection in the function action_dial_call via the dialNumber parameter. Root cause/detail: not explicitly described beyond the command injection vector; connected sources confirm the same description across EUVD-2026...

CVE-2026-38060

The CVE-2026-38060 entry concerns Tenda 5G03 V05.03.02.04 (Version 1.0) with a vulnerability in the function action_unlock_sim, exploitable via the pin parameter to enable command injection. The mapped CVSS 3.1 base score is 9.8 (CRITICAL) with Network attack vector, no privileges required, no us...

CVE-2026-38062

Summary: CVE-2026-38062 affects Tenda 5G03 (V05.03.02.04, Version 1.0). The issue is a command injection in the function action_set_rat_mode via the ratMode parameter. Multiple trusted sources (NVD, EUVD, CVE lists, vuln enrichment) describe this vulnerability with the same root cause. The CVSS v...

PT-2026-49296

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action ims on with apn via the ims apn parameter...

PT-2026-49562

A Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber function, which is also utilized by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. Specifically, the minimum and maximum...

PT-2026-49581

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

CVE-2026-38063

CVE-2026-38063 affects Tenda 5G03 V05.03.02.04 (Version 1.0). The vulnerability is a command injection in the function action_radio_on_with_ia_apn via the ia parameter. CVSS 3.1 base score 9.8 (Network, No auth, No user interaction). Exploitation status and concrete remediation details are not pr...

PT-2026-49295

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function action dial call via the dialNumber parameter...