Cisco Slido 安全漏洞

Cisco Slido is an interactive Q&A and voting platform provided by the American company Cisco. There is a security vulnerability in Cisco Slido, which stems from insecure direct object references. This vulnerability could allow authenticated remote attackers to access other users’ social media dat...

SUSE CVE-2026-41457

OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious values through the query= and filter= parameters for integer-mapped DAAP fields. Attackers can exploit...

CVE-2026-5907

Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. Chromium security severity: Low...

WordPress plugin Social Feed Gallery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-10637

CVE-2025-10637 concerns the Social Feed Gallery (insta-gallery) WordPress plugin. Multiple connected sources confirm a vulnerability in versions

EUVD-2021-11642

Malware in sbrugna...

EUVD-2021-11825

Malware in sbrugna...

EUVD-2023-25653

Malicious code in bioql PyPI...

EUVD-2023-25654

Malicious code in bioql PyPI...

[SECURITY] Fedora 41 Update: mingw-gstreamer1-plugins-bad-free-1.24.10-3.fc41

GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality...

CVE-2023-21485

Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...

CVE-2023-21486

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...

CVE-2020-6630

An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gfisomgetmediadatasize in isomedia/isomread.c...

CVE-2012-4115

The fabric-interconnect component in Cisco Unified Computing System UCS does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug...

DEBIAN-CVE-2024-42325

Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc...

ALSA-2024:2287 Moderate: gstreamer1-plugins-bad-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with...

CVE-2023-40081

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Information disclosure

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21486

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...

CVE-2023-21485

Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox...