CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 2026/03/19 7:34 p.m.•6 views

AVideo has an authenticated arbitrary local file read via `chunkFile` path injection in `aVideoEncoder.json.php`

Summary POST /objects/aVideoEncoder.json.php accepts a requester-controlled chunkFile parameter intended for staged upload chunks. Instead of restricting that path to trusted server-generated chunk locations, the endpoint accepts arbitrary local filesystem paths that pass isValidURLOrPath. That...

7.6CVSS5.9AI score0.00254EPSS

Exploits1References4Affected Software1

NVD•added 2026/03/19 7:16 p.m.•6 views

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

7.5CVSS0.03002EPSS

Exploits1References3

Metasploit•added 2026/03/19 6:56 p.m.•250 views

AVideo Encoder getImage.php Unauthenticated Command Injection

This module exploits an unauthenticated OS command injection vulnerability in AVideo Encoder's getImage.php endpoint CVE-2026-29058. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any sanitization or use of...

9.8CVSS7.9AI score0.02132EPSS

Exploits2

CNVD•added 2026/03/19 12:0 a.m.•5 views

ImageMagick Buffer Overflow Vulnerability (CNVD-2026-16617)

ImageMagick is ImageMagick open source set of open source image processing software. Can read, convert or write images in a variety of formats. ImageMagick suffers from a buffer overflow vulnerability that originates beyond the end of the write stack buffer when a memory allocation failure occurs...

6.7CVSS6.1AI score0.00096EPSS

Exploits0

CNNVD•added 2026/03/19 12:0 a.m.•7 views

Microsoft .NET 安全漏洞

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States, dedicated to agile software development, rapid application development, platform independence, and network transparency. Versions of Microsoft .NET prior to 8.0 8.0.22 and .9.0 9.0.11 contained securit...

7.5CVSS5.8AI score0.03002EPSS

Exploits1References3

ATTACKERKB•added 2026/03/19 12:0 a.m.•4 views

CVE-2026-25667

5.8AI score0.03002EPSS

Exploits1References3

Positive Technologies•added 2026/03/19 12:0 a.m.•6 views

PT-2026-26491

7.6CVSS6AI score0.00254EPSS

Exploits1References6

Packet Storm•added 2026/03/19 12:0 a.m.•139 views

📄 AVideo getImage.php Unauthenticated Command Injection

This Metasploit module exploits an unauthenticated OS command injection vulnerability in the AVideo encoder getImage.php endpoint. This affects versions prior to 7.0. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any...

9.8CVSS5.8AI score0.02132EPSS

Exploits2

Packet Storm News•added 2026/03/17 12:0 a.m.•4 views

DeepStage: Learning Autonomous Defense Policies against Multi-Stage APT Campaigns

This paper presents DeepStage, a deep reinforcement learning DRL framework for adaptive, stage-aware defense against Advanced Persistent Threats APTs. The enterprise environment is modeled as a partially observable Markov decision process POMDP, where host provenance and network telemetry are fus...

5.8AI score

Exploits0

OESA-2026-1606 libsndfile security update

Libsndfile is a C library for reading and writing files containing sampled sound such as MS Windows WAV and the Apple/SGI AIFF format through one standard library interface. Security Fixes: Libsndfile =1.2.2 contains a memory leak vulnerability in the mpegl3encoderinit function within the...

OESA-2026-1605 libsndfile security update

OESA-2026-1604 libsndfile security update

OESA-2026-1603 libsndfile security update