Schneider Electric U.motion Builder - SQL Injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of mcluma in the motion.cc library. This vulnerability allows attackers to cause a Denial of Service DoS attack by using a specially crafted video file...

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.11 contains a heap buffer overflow issue, caused by the derivecollocatedmotionvectors function in the motion.cc file...

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the use of putunweightedpred16fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted video file...

CVE-2025-55652

GPAC MP4Box v2.4 is affected by a heap buffer overflow in gf_isom_vp_config_new (isomedia/avc_ext.c), enabling DoS via a crafted MP4 file. This is documented across multiple sources (CVE-2025-55652, EUVD-2025-210150, NVD, CVELIST, etc.). The vulnerability details specify the vulnerable function a...

GPAC MP4Box 处理逻辑错误漏洞

GPAC is an open-source multimedia framework developed by GPAC. Version 2.4 of GPAC contains a security vulnerability. This vulnerability stems from a floating-point exception in the gfopusparsepacketheader function, which could allow attackers to cause denial-of-service attacks through specially...

res (>=0.2.0 <=0.3.0), scroller-motion (>=0.0.1-beta.2 <=0.0.1-beta.3) potentially affected by CVE-2026-42890 via actual (>=0.2.0 <=0.4.0)

actual NPM version =0.2.0, =0.2.0, =0.0.1-beta.2, =0.0.1-beta.3 Source cves: CVE-2026-42890 Source advisory: OSV:GHSA-7RVM-XJPP-63R9...

CVE-2026-25787

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

CVE-2026-35716

CVE-2026-35716 describes a stack-based buffer overflow in the motion_privacy.cgi binary of VIVOTEK FD8136 firmware (FD8136-VVTK-0300a). The issue occurs when an oversized n1 parameter in a POST request to endpoints /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or /cgi-bin/admin/setmd_profil...

EUVD-2026-33969

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

Vivotek VIVOTEK FD8136-VVTK 安全漏洞

Vivotek VIVOTEK FD8136-VVTK is a super-miniature fixed dome network camera firmware developed by Vivotek Corporation. The Vivotek VIVOTEK FD8136-VVTK 0300a version contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the motionprivacy.cgi binary file. When t...

UBUNTU-CVE-2025-60486

A heap use-after-free in the dasherprocess function /filters/dasher.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MPEG-2 file...

Malicious Package

Overview motion-tool is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

WordPress Animation Addons for Elementor – GSAP Motion Elementor Addons & Website Templates plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Animation Addons for Elementor versions = 2.6.3...