Lucene search
K

75 matches found

EUVD
EUVD
added 2026/03/20 4:58 a.m.7 views

EUVD-2026-13557

AVideo is a video-sharing Platform. Versions prior to 8.0 contain a Server-Side Request Forgery vulnerability CWE-918 in the public thumbnail endpoints getImage.php and getImageMP4.php. Both endpoints accept a base64Url GET parameter, base64-decode it, and pass the resulting URL to ffmpeg as an...

9.3CVSS5.7AI score0.00438EPSS
Exploits0References2
Metasploit
Metasploit
added 2026/03/19 6:56 p.m.266 views

AVideo Encoder getImage.php Unauthenticated Command Injection

This module exploits an unauthenticated OS command injection vulnerability in AVideo Encoder's getImage.php endpoint CVE-2026-29058. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any sanitization or use of...

9.8CVSS7.9AI score0.02132EPSS
Exploits2
OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.8 views

Ubuntu: Security Advisory (USN-8085-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.8AI score0.02818EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/11 9:11 p.m.23 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their...

7.5CVSS6AI score0.02049EPSS
Exploits0References4Affected Software13
OSV
OSV
added 2026/03/11 9:11 p.m.1 views

GHSA-73J8-2GCH-69RQ .NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2026-26127 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0 and .NET 10.0. This advisory also provides guidance on what developers can do to update their...

7.5CVSS5.7AI score0.02049EPSS
Exploits0References4
OSV
OSV
added 2026/03/11 4:50 p.m.4 views

USN-8085-1 dotnet8, dotnet9, dotnet10 vulnerabilities

It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. CVE-2026-26127...

7.5CVSS6.6AI score0.02818EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/03/11 4:50 p.m.5 views

USN-8085-1: .NET vulnerabilities

It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. CVE-2026-26127...

7.5CVSS5.8AI score0.02818EPSS
Exploits0
Snyk
Snyk
added 2026/03/10 6:41 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commi...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 6:41 p.m.8 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-arm to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 6:41 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 6:41 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm to version 9.0.14, 10.0.4 or higher. References - GitHub Commit ...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 6:41 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-arm to version 9.0.14, 10.0.4 or higher. References - GitHub Commit - GitHu...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 6:41 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.win-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit - GitHu...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 6:41 p.m.3 views

Out-of-bounds Read

Overview Microsoft.Bcl.Memory is a package that provides Index and Range types to simplify slicing operations on collections for .NET Framework and .NET Standard 2.0. Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 6:41 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.linux-x64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
NVD
NVD
added 2026/03/06 7:16 a.m.8 views

CVE-2026-29058

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS0.02132EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/03/06 7:8 a.m.36 views

CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS0.02132EPSS
Exploits2References1
OSV
OSV
added 2026/03/06 7:8 a.m.7 views

CVE-2026-29058 AVideo: Unauthenticated OS Command Injection via base64Url in objects/getImage.php

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS6AI score0.02132EPSS
Exploits2References3
CVE
CVE
added 2026/03/06 7:8 a.m.27 views

CVE-2026-29058

AVideo before 7.0 is vulnerable to unauthenticated OS command injection via the base64Url parameter in objects/getImage.php. The base64-decoded value is interpolated into an ffmpeg shell command without proper escaping, allowing arbitrary command execution and potential full server compromise. AM...

9.8CVSS6.1AI score0.02132EPSS
Exploits2References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 7:8 a.m.5 views

CVE-2026-29058

AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration...

9.8CVSS6AI score0.02132EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder