1008 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: media: ttpci: two memory leaks have been fixed in budgetavattach. When saa7146registerdevice and saa7146vvinit fail, budgetavattach should free the resources it allocates, similar to the error handling in ttpcibudgetinit...
CVE-2026-44670
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...
CVE-2026-7704
A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3...
Astra Linux - уязвимость в ffmpeg, ffmpeg5
A NULL pointer dereference vulnerability exists in FFmpeg’s Firequalizer filter libavfilter/affirequalizer.c due to a missing check on the return value of avmallocarray in the configinput function. An attacker could exploit this by tricking a victim into processing a crafted media file with the...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f "ALSA: firewire-lib: Add support for deferred transaction" while 'deferrable' flag can be...
Astra Linux - уязвимость в ffmpeg5
FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the avmalloc function in libavutil/mem.c:105:9 component...
CVE-2026-7704 AV Stumpfl Pixera Two Media Server Service Port 1338 path traversal
A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3...
EUVD-2026-26841
A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...
AV Stumpfl Pixera Two Media Server 注入漏洞
The AV Stumpfl Pixera Two Media Server is a professional media server system developed by the Austrian company AV Stumpfl. Versions of the AV Stumpfl Pixera Two Media Server 25.2 R2 and earlier had a injection vulnerability. This vulnerability stemmed from unknown functions in the WebSocket API...
Barco/AWIND OEM Presentation Platform - Remote Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pr...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007265)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007265 advisory. In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budgetavattach When saa7146registerdevice and saa7146vvinit...
PT-2026-29337
Name of the Vulnerable Software and Affected Versions D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link...
MSI-Exploit-k4
MSI-Explot-k4 Next-Gen Red Team Framework for MSI-Based Pr...
CVE-2007-4885
Avnex AV MP3 Player allows user-assisted remote attackers to cause a denial of service application crash via a malformed .au file that triggers a divide-by-zero error...
CVE-2020-23888
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service DoS via a crafted psd file...
CVE-2020-10180
The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro macOS, Cyber Security macOS, Mobile Security for Android, Smart TV Security,...
CVE-2022-26122
An insufficient verification of data authenticity vulnerability CWE-345 in FortiClient, FortiMail and FortiOS AV engines version 6.2.168 and below and version 6.4.274 and below may allow an attacker to bypass the AV engine via manipulating MIME attachment with junk and pad characters in base64...
Malicious code in akabi-alfi-av (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1b436be90fe76176f870a282484dcc7be9924aa6dcf9385351855834214227f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152151 Malicious code in akabia-aliguafi-av (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b089a2a32017d484d4355e9fc4b527a8020f1f4fdbc4fb4ecba138c61851f4f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-152128 Malicious code in akabi-alfi-av (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1b436be90fe76176f870a282484dcc7be9924aa6dcf9385351855834214227f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...