Lucene search
K

405 matches found

Cvelist
Cvelist
added 2026/07/06 6:15 a.m.32 views

CVE-2026-14801 GPAC TeXML File load_text.c txtin_probe_duration divide by zero

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...

4.8CVSS0.00112EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/06 6:15 a.m.8 views

EUVD-2026-41814

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References7
CVE
CVE
added 2026/06/18 4:20 p.m.22 views

CVE-2025-32437

CVE-2025-32437 affects AutoGPT prior to 0.6.63, specifically the MediaDurationBlock. The issue arises because MediaDurationBlock downloads and stores videos in a temporary directory without proper deletion, and StepThroughItemsBlock can iterate MediaDurationBlock multiple times, with no limit on ...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 4:20 p.m.2 views

CVE-2025-32437 AutoGPT has a DoS vulnerability in MediaDurationBlock

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, MediaDurationBlock will download and store the video in a temporary directory without deleting before all noded are done. StepThroughItemsBlock can be used t...

8.7CVSS5.9AI score0.00276EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.16 views

PT-2026-50694

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.63 Description AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. The AddAudioToVideoBlock function downloads and stores video and audio file...

7.1CVSS5.8AI score0.00247EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.14 views

CVE-2026-41061

WWBN AVideo is an open source video platform. In versions 29.0 and below, the isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the...

5.4CVSS5.1AI score0.00173EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-1163

An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails to invalidate active sessions after a password reset, allowing an attacker to continue using an old session token. This issue arises due to the absence of logic to reject reques...

4.1CVSS5.4AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:18 p.m.8 views

JLSEC-2026-571

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5CVSS5.2AI score0.0032EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/28 6:31 p.m.12 views

CVE-2026-45044 RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44471

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References2
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/05/21 12:0 a.m.15 views

One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign

A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mac8021: fixed possible out-of-bound access in ieee80211getrateduration Fixed possible out-of-bound access in the ieee80211getrateduration routine As reported in the following UBSAN report: UBSAN: Array index out-of-boun...

7.8CVSS6.4AI score0.00244EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 7:10 p.m.59 views

CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5CVSS0.0032EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/19 7:10 p.m.15 views

CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5CVSS5.7AI score0.0032EPSS
Exploits1References2
CVE
CVE
added 2026/05/19 7:10 p.m.27 views

CVE-2026-32739

libheif (HEIF/AVIF decoder) is affected through versions 1.21.2 and earlier, where a crafted 800-byte HEIF sequence file can trigger an infinite loop in Box_stts::get_sample_duration() during parsing, causing 100% CPU DoS with no progress and no crashログ. The issue is triggered on file open and is...

6.5CVSS5.7AI score0.0032EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/19 7:10 p.m.2 views

CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5CVSS6.1AI score0.0032EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/05/19 7:10 p.m.9 views

CVE-2026-32739

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5CVSS5.7AI score0.0032EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

libheif 安全漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a security vulnerability. This vulnerability stems from an infinite loop in Boxstts::getsampleduration, which consumes 100% of the CPU...

6.5CVSS5.8AI score0.0032EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/05/19 12:0 a.m.14 views

Detecting Data Exfiltration through I2P Anonymity Networks: A Two-Phase Machine Learning Approach

The Invisible Internet Project I2P provides strong anonymity through garlic routing and distributed network architecture, making it attractive for legitimate privacy needs. Nevertheless, the same properties can be exploited by malicious actors to steal sensitive information from corporate network...

5.8AI score
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/13 8:16 p.m.13 views

CVE-2026-33378

Using the $timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL datasource. If the server is set up to auto-restart, the impact is minimal or non-existent, as the attack can take upwards of half an hour to crash the server...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References2
Rows per page
Query Builder