2218 matches found
CVE-2026-12123
CVE-2026-12123 describes a Server-Side Request Forgery in the WordPress plugin All-in-One Video Gallery (versions
CVE-2025-15667
A vulnerability was determined in GPAC up to 2.5-DEV. This vulnerability affects the function gfisomnalusamplerewrite of the file src/isomedia/avcext.c of the component MP4Box. This manipulation of the argument naluoutbs causes double free. It is possible to launch the attack on the local host. T...
PT-2026-55929
Name of the Vulnerable Software and Affected Versions GPAC versions prior to 2.5-DEV Description A double free occurs in the MP4Box component within the gf isom nalu sample rewrite function located in the src/isomedia/avc ext.c file. This issue is triggered by the manipulation of the nalu out bs...
EUVD-2026-41218
A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
EUVD-2026-41217
An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36909
A NULL pointer dereference in the AP4TkhdAtom::GetTrackId function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36911
A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36910
An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36912
A NULL pointer dereference in the AP4AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36909
A NULL pointer dereference in the AP4TkhdAtom::GetTrackId function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36910
An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36911
A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36911
Summary of CVE-2026-36911 (MPC-BE) : A division-by-zero vulnerability exists in the file parsing/processing path: the function CStreamSwitcherOutputPin::DecideBufferSize in MPC-BE (before commit 4341cb3). This can be triggered by a crafted MP4 file, leading to a Denial of Service . Affected softw...
PT-2026-54757
Name of the Vulnerable Software and Affected Versions Aleksoid1978 MPC-BE versions prior to commit 4341cb3 Description A NULL pointer dereference occurs in the AP4 AtomSampleTable::GetSample function. This issue allows an attacker to trigger a Denial of Service DoS by providing a specially crafte...
CVE-2026-36907
A stack overflow in the AP4StsdAtom::AP4StsdAtom component of axiomatic-systems Bento4 before v1.8.9allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2026-36908
CVE-2026-36908 affects Bento4 prior to v1.8.9, where a stack overflow in AP4_Array::EnsureCapacity can lead to DoS via a crafted MP4 file. The available documents confirm the component and impact but do not provide explicit remediation steps or exploitation details. Further details on fixes are n...
CVE-2025-60473
A NULL pointer dereference in the gffilterinparentchain function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...
CVE-2025-60464
GPAC MP4Box contains a use-after-free in gf_sei_load_from_state_internal (in /filters/sei_load.c) affecting builds before 26.02.0. This vulnerability can allow a Denial of Service when processing a crafted MPEG-2 TS file. The issue is described across multiple sources (NVD/NVD variant, AttackersK...
Oracle Linux 9 : nginx (ELSA-2026-19374)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19374 advisory. - Resolves: RHEL-176232 - nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 - RHEL-159560 CVE-2026-27654 nginx: NGINX: Denial of Service or...
nginx:1.24 security update
1.24.0-3.0.1.2 - Remove Red Hat references Orabug: 29498217 1:1.24.0-3.2 - Resolves: RHEL-178676 - nginx:1.24/nginx: code execution and denial of service CVE-2026-9256 - Resolves: RHEL-182543 - nginx: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack 1:1.24.0-3.1 -...