3247 matches found

Cvelist
added 2026/01/29 7:2 p.m., 22 views

CVE-2026-1453 Missing Authentication for Critical Function in KiloView Encoder Series

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product...

CVSS 9.8, EPSS 0.00115
Exploits: 0, References: 2

Vulnrichment
added 2026/01/29 7:2 p.m., 4 views

CVE-2026-1453 Missing Authentication for Critical Function in KiloView Encoder Series

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product...

CVSS 9.8, AI score 5.9, EPSS 0.00115
Exploits: 0, References: 2

EUVD
added 2026/01/29 7:2 p.m., 4 views

EUVD-2026-4969

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product...

CVSS 9.8, AI score 5.9, EPSS 0.00115
Exploits: 0, References: 2

CVE
added 2026/01/29 7:2 p.m., 13 views

CVE-2026-1453

CVE-2026-1453 affects the KiloView Encoder Series. The issue is a missing authentication for a critical function that allows an unauthenticated attacker to create or delete administrator accounts, granting full administrative control over the product. Public sources (NVD/Red Hat/CISA/EUVD/PT-Secu...

CVSS 9.8, AI score 5.9, EPSS 0.00115
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/29 7:2 p.m., 5 views

CVE-2026-1453

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product...

CVSS 9.8, AI score 5.9, EPSS 0.00115
Exploits: 0, References: 3, Affected Software: 10

Tenable Nessus
added 2026/01/29 12:0 a.m., 5 views

TencentOS Server 4: libsndfile (TSSA-2026:0036)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0036 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 5.3, AI score 6, EPSS 0.00112
Exploits: 1, References: 2

Positive Technologies
added 2026/01/29 12:0 a.m., 6 views

PT-2026-5327

Name of the Vulnerable Software and Affected Versions: KiloView Encoder Series (affected versions not specified). Description: A missing authentication check for a critical function in KiloView Encoder Series allows an unauthenticated attacker to create or delete administrator accounts. Successful...

CVSS 9.8, AI score 5.9, EPSS 0.00115
Exploits: 0, References: 7

RedhatCVE
added 2026/01/28 9:17 a.m., 3 views

CVE-2026-24806

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

CVSS 5.3, AI score 5.9, EPSS 0.00092
Exploits: 0, References: 1

Github Security Blog
added 2026/01/27 9:30 a.m., 5 views

Quick-Media Batik Codec FIX package has Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects all...

CVSS 5.3, AI score 5.9, EPSS 0.00092
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2026/01/27 9:30 a.m., 5 views

GHSA-8623-9FWR-4CXV Quick-Media Batik Codec FIX package has Code Injection vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects all...

CVSS 5.3, AI score 5.9, EPSS 0.00092
Exploits: 0, References: 4

NVD
added 2026/01/27 9:15 a.m., 5 views

CVE-2026-24806

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

CVSS 5.3, EPSS 0.00092
Exploits: 0, References: 4

OSV
added 2026/01/27 9:15 a.m., 2 views

CVE-2026-24806

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

CVSS 5.3, AI score 5.9
Exploits: 0, References: 1

Cvelist
added 2026/01/27 8:42 a.m., 27 views

CVE-2026-24806 Buffer Write Security Vulnerability in liuyueyi/quick-media

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

CVSS 5.3, EPSS 0.00092
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/27 8:42 a.m., 3 views

CVE-2026-24806

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

CVSS 5.3, AI score 5.9, EPSS 0.00092
Exploits: 0, References: 2

Vulnrichment
added 2026/01/27 8:42 a.m., 3 views

CVE-2026-24806 Buffer Write Security Vulnerability in liuyueyi/quick-media

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

CVSS 5.3, AI score 5.9, EPSS 0.00092
Exploits: 0, References: 1

CVE
added 2026/01/27 8:42 a.m., 14 views

CVE-2026-24806

CVE-2026-24806 arises from an improper generation of code in liuyueyi’s quick-media project, specifically the PNGImageEncoder path within the SVG Batik codec fix module. The vulnerability affects quick-media before v1.0 and is described as a Code Injection issue. Supported details from multiple s...

CVSS 5.3, AI score 5.9, EPSS 0.00092
Exploits: 0, References: 4

Positive Technologies
added 2026/01/27 12:0 a.m., 5 views

PT-2026-4875

Improper Control of Generation of Code 'Code Injection' vulnerability in liuyueyi quick-media plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/png modules. This vulnerability is associated with program files PNGImageEncoder.Java. This issue affects quick-media...

CVSS 5.3, AI score 5.9, EPSS 0.00092
Exploits: 0, References: 2

CNNVD
added 2026/01/27 12:0 a.m., 2 views

Quick-Media security vulnerabilities

Quick-Media is a multimedia service software developed by YiHui’s individual developers. Versions of Quick-Media prior to v1.0 contained security vulnerabilities. These vulnerabilities stemmed from a code injection vulnerability in the PNG encoding component, PNGImageEncoder.Java, which could all...

CVSS 5.3, AI score 6.1, EPSS 0.00092
Exploits: 0, References: 2

Cvelist
added 2026/01/22 9:2 p.m., 21 views

CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

CVSS 5.3, EPSS 0.00022
Exploits: 0, References: 1

Vulnrichment
added 2026/01/22 9:2 p.m., 7 views

CVE-2025-22234 Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

CVSS 5.3, AI score 5.5, EPSS 0.00022
Exploits: 0, References: 1