Lucene search
K

1684 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52127

Name of the Vulnerable Software and Affected Versions MP4Box version 2.5-DEV-rev1593-gfe88c3545-master Description A heap use-after-free occurs when the gf filter pid inst swap delete task function in the filter core/filter pid.c component improperly accesses objects after they have been freed...

5.5CVSS5.8AI score0.0013EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52037

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid reconfigure task discard function located in /filter core/filter pid.c. A use-after-free occurs when a program continues to use a...

5.5CVSS5.7AI score0.00136EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/06/24 12:0 a.m.5 views

CVE-2025-60468

GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service local. The component is: filtercore/filterpid.c L:574-580: function gffilterpidinstswapdeletetask improperly accesses freed objects...

5.7AI score0.0013EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52139

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid get packet function located in /filter core/filter pid.c. This occurs when the software processes a specially crafted media file, whic...

5CVSS5.7AI score0.00121EPSS
Exploits1References11
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.26 views

CVE-2025-60466

A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

0.00121EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.16 views

CVE-2025-60467

A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...

0.0051EPSS
Exploits1References5
CVE
CVE
added 2026/06/24 12:0 a.m.6 views

CVE-2025-60473

GPAC MP4Box before 26.02.0 is affected by a NULL pointer dereference in gf_filter_in_parent_chain (filter_core/filter_pid.c), enabling a Denial of Service when processing a crafted file. The issue is a code-level null dereference in the parent-chain filtering logic, with a CVSS v3.1 base score of...

5.5CVSS5.9AI score0.00141EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2026/06/24 12:0 a.m.6 views

CVE-2025-60468

GPAC MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by a heap use-after-free in gf_filter_pid_inst_swap_delete_task() within filter_core/filter_pid.c during PID instance swap/delete cleanup. A local, authenticated user processing crafted MPEG-2 TS/MP4 inputs can trigger the bug, causing a c...

5.5CVSS5.7AI score0.0013EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/23 10:16 p.m.4 views

GHSA-F2R5-5M7W-P5CX opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent

Summary An unprivileged process can easily trigger the processPIDEvents goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the openat2 syscall forever and the profiler can no longer work properly, it is a denial of servic...

6.2CVSS5.8AI score0.00017EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51617

Name of the Vulnerable Software and Affected Versions opentelemetry-ebpf-profiler versions prior to 0.0.202622 Description An unprivileged process can cause a denial of service on the ebpf-profiler agent by triggering the processPIDEvents goroutine to block indefinitely. This occurs when the...

6.2CVSS5.9AI score0.00017EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:51 p.m.7 views

CVE-2017-20280

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

8.8CVSS6AI score0.00237EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 4:51 p.m.31 views

CVE-2017-20280 Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

8.8CVSS0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 4:51 p.m.4 views

EUVD-2017-19007

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...

8.8CVSS6AI score0.00237EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 4:51 p.m.13 views

CVE-2017-20280

8.8CVSS6AI score0.00237EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50961

Name of the Vulnerable Software and Affected Versions Joomla Component Myportfolio version 3.0.2 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...

8.8CVSS5.9AI score0.00237EPSS
Exploits0References6
NVD
NVD
added 2026/06/18 6:16 p.m.12 views

CVE-2026-48986

pamusb provides hardware authentication for Linux using removable media. In pamusb 0.9.1 and earlier, usbgetprocessparentid can cause an infinite loop DoS because it does not initialize ppid on failure. In pusblocallogin, the same variable is reused as input and output in a process-tree while loo...

4.7CVSS0.00104EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/17 2:1 p.m.4 views

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory vulnerability discovered by ? in WordPress Npm chrome-devtools-mcp versions = 0.20.0, = 1.0.1...

6.1CVSS5.8AI score0.00077EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/06/17 2:1 p.m.13 views

Symlink Attack

Overview chrome-devtools-mcp is a MCP server for Chrome DevTools Affected versions of this package are vulnerable to Symlink Attack in the fs.writeFileSync process when writing the PID file to a runtime directory under /tmp if $XDGRUNTIMEDIR is unset. An attacker can overwrite or truncate arbitra...

6.9CVSS6AI score0.00077EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50471

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...

6.1CVSS5.4AI score0.00077EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.5 views

Pi-Hole Web 6.x < 6.4.2 (Core) Local Privilege Escalation (CVE-2026-41489)

According to its self-reported Core version, the Pi-Hole instance on the remote host is running a Core version between 6.0 and prior to 6.4.2. It is, therefore, affected by a local privilege escalation vulnerability: - Two shell scripts executed as root by systemd pihole-FTL-prestart.sh and...

8.8CVSS5.4AI score0.00132EPSS
Exploits0References2
Rows per page
Query Builder