Lucene search
K

957 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.20 views

PT-2026-48234

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48237

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-48236

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-48239

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-48240

21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. The autonomous agent discovered vulnerabilities spanning the TS demuxer, VP9 decoder, RTP...

6.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.14 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.1.2)

The version of AHV installed on the remote host is prior to AHV-11.0.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.1.2 advisory. - Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStreamconc...

9.8CVSS7.2AI score0.0218EPSS
Exploits3References19
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.16 views

CVE-2026-38360

Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dashuploader/httprequesthandler.py, BaseHttpRequestHandler.gettemproot, BaseHttpRequestHandler.post components...

9.8CVSS6.2AI score0.05982EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.9 views

CVE-2026-38361

Multiple unauthenticated denial-of-service DoS issues in fohrloop dash-uploader v0.1.0 through v0.7.0a2. The chunked-upload handler dashuploader/httprequesthandler.py, dashuploader/upload.py trusts unsanitized, attacker-controlled upload parameters e.g. flowTotalChunks and does not enforce the...

7.5CVSS5.5AI score0.02643EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40834

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 2:16 p.m.16 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

4.1CVSS0.00297EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/29 7:18 p.m.12 views

@openinc/parse-server-opendash (>=3.31.25 <=4.0.34) potentially affected by CVE-2026-47248 via parse-server (>=9.6.0-alpha.37 <=9.9.0)

parse-server NPM version =9.6.0-alpha.37, =3.31.25, =4.0.34 Source cves: CVE-2026-47248 Source advisory: SNYK:JS-PARSESERVER-17111546...

6.9CVSS5.5AI score0.00291EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/29 7:18 p.m.6 views

@openinc/parse-server-opendash (>=3.31.25 <=4.0.34) potentially affected by CVE-2026-47248 via parse-server (>=9.6.0-alpha.37 <=9.9.0)

parse-server NPM version =9.6.0-alpha.37, =3.31.25, =4.0.34 Source cves: CVE-2026-47248 Source advisory: OSV:GHSA-8CPH-RGR4-G5VJ...

6.9CVSS5.5AI score0.00291EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/27 8:46 p.m.12 views

Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

Description Symfony Mailer selects a transport via the MAILERDSN environment variable / configuration e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs speak SMTP over stdin: the default and -t read the message on...

5.8AI score0.00062EPSS
Exploits0References6Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/27 3:10 p.m.11 views

CVE-2026-44353 Streamlink: Arbitrary local file read via file:// URI in HLS and DASH

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

6.5CVSS5.8AI score0.00345EPSS
Exploits1References1
NVD
NVD
added 2026/05/27 9:16 a.m.23 views

CVE-2026-40834

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:55 a.m.31 views

CVE-2026-40834 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:55 a.m.10 views

CVE-2026-40834 Authenticated SQLi in saveDashboardLayout function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00223EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:55 a.m.20 views

CVE-2026-40834

CVE-2026-40834 describes an unauthenticated SQL injection in the saveDashboardLayout function of dash_layout.php. A low-privileged remote attacker can trigger the vulnerability over the network to read the entire database and insert entries into a non-critical table, resulting in total loss of co...

7.1CVSS6AI score0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:55 a.m.7 views

CVE-2026-40834

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00223EPSS
Exploits0References2Affected Software4
EUVD
EUVD
added 2026/05/27 7:55 a.m.13 views

EUVD-2026-32133

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS6AI score0.00223EPSS
Exploits0References1
Rows per page
Query Builder