SUSE CVE-2026-6385

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

UBUNTU-CVE-2026-26477

An issue in Dokuwiki v.2025-05-14b "Librarian" 56.2 allows a remote attacker to cause a denial of service via the mediauploadxhr function in the media.php file...

Multiple Apple Products Cross-Border Access Vulnerability

Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. apple iPadOS is an operating system for iPad tablets. An out-of-bounds access vulnerability exists in multiple Apple products, which can be exploited by an attacker to terminate a proce...

CVE-2026-20690

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing an audio stream in a maliciousl...

CVE-2025-43386

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt proce...

CVE-2025-43338

CVE-2025-43338 is an out-of-bounds access issue that affects macOS during processing of a malicious media file, potentially causing an app termination or memory corruption. The vulnerability is addressed by bounds checking improvements and is fixed in macOS Tahoe 26 and macOS Sonoma 14.8.2 (per t...

CVE-2025-43383

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app...

EUVD-2018-13334

Malware in sbrugna...

EUVD-2022-32312

Malicious code in bioql PyPI...

CVE-2011-10022

SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception...

CVE-2011-10022 SPlayer 3.7 Content-Type Header Buffer Overflow

SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception...

CVE-2025-43221

The CVE-2025-43221 issue is an out-of-bounds access vulnerability in media processing that was mitigated by improved bounds checking. Affected platforms include macOS Sequoia 15.6, iOS 18.6, iPadOS 18.6, visionOS 2.6, and tvOS 18.6, where processing a maliciously crafted media file could terminat...

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file...

Debian dsa-5753 : aom-tools - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5753 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5753-1 [email protected] https://www.debian.org/security/ Moritz...

Malicious code in -john-wick-4-keanu-reeves-peliculas-completa-varindo-h-d-varindo-en-casa-tarabi-lliena- (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-3295

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the profilepicremove function in versions up to, and including, 3.1.5. This makes it possible for...

BIT-WORDPRESS-2020-4047 Authenticated XSS via media attachment page in WordPress

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

BIT-WORDPRESS-MULTISITE-2020-4047 Authenticated XSS via media attachment page in WordPress

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

UliCMS 2023-1 Sniffing-Vicuna Cross Site Scripting

Exploit Title: Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting XSS Application: Ulicms Version: 2023.1-sniffing-vicuna Bugs: Stored Xss Technology: PHP Vendor URL: https://en.ulicms.de/ Software Link:...

SUSE CVE-2017-18247

The avaudiofifosize function in libavutil/audiofifo.c in Libav 12.2 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted media file...