PT-2026-37061

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg attributes.c, svg parse strings, gf svg parse attribute...

CVE-2026-39103

GPAC contains a Buffer Overflow in the SVG attribute parsing path: src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute() that can lead to denial of service. The issue is tied to commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 (and is reflected across multiple advisories)...

CVE-2026-39103

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svgattributes.c, svgparsestrings, gfsvgparseattribute...

CVE-2026-39103

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svgattributes.c, svgparsestrings, gfsvgparseattribute...

aurelia path code injection vulnerability

aurelia path is part of the aurelia platform and contains utilities for path operations. A code injection vulnerability exists in aurelia path that exposes Aurelia applications that use the aurelia-path package to parse strings. No detailed vulnerability details are provided at this time...

Prototype Pollution

Overview locutus is a Locutus other languages' stadard libraries to JavaScript for fun and educational purposes Affected versions of this package are vulnerable to Prototype Pollution via the php.strings.parsestr function. POC: const locutus = require'locutus';...