Lucene search
K

1022 matches found

RedhatCVE
RedhatCVE
added 2026/06/25 8:16 a.m.9 views

CVE-2026-12319

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Audio/Video: Playback component...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 6:21 p.m.29 views

CVE-2026-49246 Jellyfin: Potential MKV attachment filename path traversal to RCE

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted and passes it...

6.3CVSS0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 6:21 p.m.4 views

CVE-2026-49246

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted and passes it...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS6.1AI score0.00469EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

7.5CVSS7AI score0.00687EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the RDPSND async playback thread could process queued PDUs after the channel was closed and its internal state was freed, resulting in a use after free in rdpsndtreatwave. This vulnerability has been fixed i...

8.7CVSS5.3AI score0.00534EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52066

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.10 Description Missing path sanitization during playback allows the use of a specially crafted MKV file with forged filename tags to redirect attachment extraction to any absolute path on the disk. This occurs...

6.3CVSS5.8AI score0.00258EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 6:32 p.m.3 views

GHSA-RW9Q-97R9-8GVH motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/23 6:32 p.m.9 views

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51644

Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description An absolute path traversal issue exists in multiple media file handlers within the media playback and download functionality. The affected handlers accept a user-controlled filename parameter and...

8.7CVSS6AI score0.00623EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.7 views

Fedora 43 : webkitgtk (2026-1557aaef26)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1557aaef26 advisory. Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when...

8.8CVSS6.8AI score0.00693EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.7 views

SUSE CVE-2026-12319

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/19 1:10 a.m.10 views

[SECURITY] Fedora 43 Update: vorbis-tools-1.4.3-4.fc43

Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor...

8.2CVSS5.3AI score0.00515EPSS
Exploits0
Fedora
Fedora
added 2026/06/17 8:44 a.m.9 views

[SECURITY] Fedora 44 Update: vorbis-tools-1.4.3-5.fc44

Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The vorbis package contains an encoder, a decoder, a playback tool, and a comment editor...

8.2CVSS5.2AI score0.00515EPSS
Exploits0
NVD
NVD
added 2026/06/16 1:16 p.m.13 views

CVE-2026-12319

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

6.5CVSS0.0021EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 1:16 p.m.5 views

UBUNTU-CVE-2026-12319

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

6.5CVSS5.8AI score0.0021EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/16 11:52 a.m.7 views

CVE-2026-12319 Denial-of-service in the Audio/Video: Playback component

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

5.2AI score0.0021EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/16 11:52 a.m.7 views

CVE-2026-12319

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

6.5CVSS5.3AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 11:52 a.m.9 views

EUVD-2026-37110

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/16 11:52 a.m.34 views

CVE-2026-12319 Denial-of-service in the Audio/Video: Playback component

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

0.0021EPSS
Exploits0References3
Rows per page
Query Builder