1684 matches found
PT-2026-52127
Name of the Vulnerable Software and Affected Versions MP4Box version 2.5-DEV-rev1593-gfe88c3545-master Description A heap use-after-free occurs when the gf filter pid inst swap delete task function in the filter core/filter pid.c component improperly accesses objects after they have been freed...
PT-2026-52037
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid reconfigure task discard function located in /filter core/filter pid.c. A use-after-free occurs when a program continues to use a...
CVE-2025-60468
GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service local. The component is: filtercore/filterpid.c L:574-580: function gffilterpidinstswapdeletetask improperly accesses freed objects...
PT-2026-52139
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A use-after-free issue exists in the gf filter pid get packet function located in /filter core/filter pid.c. This occurs when the software processes a specially crafted media file, whic...
CVE-2025-60466
A use-after-free in the gffilterpidgetpacket function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...
CVE-2025-60467
A use-after-free in the gffilterpidinstswapdeletetask function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted media file...
CVE-2025-60473
GPAC MP4Box before 26.02.0 is affected by a NULL pointer dereference in gf_filter_in_parent_chain (filter_core/filter_pid.c), enabling a Denial of Service when processing a crafted file. The issue is a code-level null dereference in the parent-chain filtering logic, with a CVSS v3.1 base score of...
CVE-2025-60468
GPAC MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by a heap use-after-free in gf_filter_pid_inst_swap_delete_task() within filter_core/filter_pid.c during PID instance swap/delete cleanup. A local, authenticated user processing crafted MPEG-2 TS/MP4 inputs can trigger the bug, causing a c...
GHSA-F2R5-5M7W-P5CX opentelemetry-ebpf-profiler: Unprivileged process can trigger a denial of service on the ebpf-profiler agent
Summary An unprivileged process can easily trigger the processPIDEvents goroutine to be blocked indefinitely, preventing the goroutine from analyzing any new ELF file. The goroutine stays blocked in the openat2 syscall forever and the profiler can no longer work properly, it is a denial of servic...
PT-2026-51617
Name of the Vulnerable Software and Affected Versions opentelemetry-ebpf-profiler versions prior to 0.0.202622 Description An unprivileged process can cause a denial of service on the ebpf-profiler agent by triggering the processPIDEvents goroutine to block indefinitely. This occurs when the...
CVE-2017-20280
Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...
CVE-2017-20280 Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter
Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...
EUVD-2017-19007
Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid...
CVE-2017-20280
影
PT-2026-50961
Name of the Vulnerable Software and Affected Versions Joomla Component Myportfolio version 3.0.2 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...
CVE-2026-48986
pamusb provides hardware authentication for Linux using removable media. In pamusb 0.9.1 and earlier, usbgetprocessparentid can cause an infinite loop DoS because it does not initialize ppid on failure. In pusblocallogin, the same variable is reused as input and output in a process-tree while loo...
NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory
NPM: Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory vulnerability discovered by ? in WordPress Npm chrome-devtools-mcp versions = 0.20.0, = 1.0.1...
Symlink Attack
Overview chrome-devtools-mcp is a MCP server for Chrome DevTools Affected versions of this package are vulnerable to Symlink Attack in the fs.writeFileSync process when writing the PID file to a runtime directory under /tmp if $XDGRUNTIMEDIR is unset. An attacker can overwrite or truncate arbitra...
PT-2026-50471
Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...
Pi-Hole Web 6.x < 6.4.2 (Core) Local Privilege Escalation (CVE-2026-41489)
According to its self-reported Core version, the Pi-Hole instance on the remote host is running a Core version between 6.0 and prior to 6.4.2. It is, therefore, affected by a local privilege escalation vulnerability: - Two shell scripts executed as root by systemd pihole-FTL-prestart.sh and...