485986 matches found
CVE-2026-49286
CVE-2026-49286 - PhpWeasyPrint : The library (prior to 2.6.0) guards the output filename against the phar:// stream wrapper with a case-sensitive blacklist. Because PHP stream wrappers are case-insensitive, inputs like PHAR://, Phar:// bypass the check and reach fileExists() in prepareOutput(), a...
CVE-2026-49286 PhpWeasyPrint vulnerable to PHAR deserialization via output filename (CVE-2023-28115 case-insensitive bypass)
PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint guarded the output filename against the phar:// stream wrapper with a case-sensitive blacklist. PHP stream wrappers are case-insensitive, so PHAR://, Phar://, etc...
kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...
CVE-2026-56211
A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...
CVE-2026-56211
CVE-2026-56211 concerns libaom, the reference AV1 codec. The vulnerability stems from insufficient bounds validation in the AV1 encoder’s SVC layer ID control, enabling an attacker-provided frame to overlap internal encoder layer context structures. In fork-based video processing services, this c...
CVE-2026-56211
A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...
CVE-2026-56211 Libaom: libaom: remote code execution via svc layer context handling with attacker-controlled frames
A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...
EUVD-2026-38047
A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...
CVE-2026-56211
A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC Scalable Video Coding layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...
CVE-2026-56209
An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...
EUVD-2026-38045
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...
CVE-2026-56208 Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...
CVE-2026-56209 Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack
An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...
CVE-2026-56208
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...
CVE-2026-56208 Libaom: libaom: heap buffer overflow in av1 encoder first-pass stats buffer via lap mode
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...
CVE-2026-56208
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...
CVE-2026-56209
An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...
CVE-2023-54353
Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files...
CVE-2020-37250
TFTP Broadband 4.3.0.1465 contains an unquoted service path vulnerability in the tftpt.exe service binary that allows local attackers to execute arbitrary code with system privileges. Attackers can place a malicious executable in the Program Files directory path that will be executed during servi...
CVE-2016-20095
Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files...