CVE-2026-36538

Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying...

DEBIAN-CVE-2025-70116

A NULL pointer dereference in GPAC MP4Box: when parsing certain truncated MP4 files, an unknown/invalid stsd entry can result in missing descriptor fields e.g., codec/mime/profile strings. gfmediamapesd then calls strlen on a NULL pointer, triggering a crash ASan SEGV...

BIT-JOOMLA-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins

An improper access check allows privilege escalation through the comusers batch task...

CVE-2026-36538

Netis AC1200 Router NC21 (firmware v4.0.1.4296) is affected by a hard-coded root credential stored in /etc/shadow.sample, with the root password set to root. This enables an attacker with device access to authenticate as root and take full control of the OS. The connected Red Hat/NVD entries corr...

PT-2026-43705

Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying...

CVE-2026-36538

Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the underlying...

CVE-2026-9572

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function MediaGetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. Th...

CVE-2026-9572 GPAC MP4Box media.c Media_GetSample memory leak

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function MediaGetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. Th...

CVE-2026-48899

The CVE-2026-48899 entry concerns Joomla! Core and related sample-data plugins where an improper access check allows privilege escalation via the com_users batch task. The affected surface is core components handling sample data and batch tasks; root cause is insufficient authorization checks ena...

CVE-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins

An improper access check allows privilege escalation through the comusers batch task...

CVE-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins

An improper access check allows privilege escalation through the comusers batch task...

GPAC 安全漏洞

GPAC is an open-source multimedia framework developed by GPAC. Versions of GPAC prior to 2.4.0 have security vulnerabilities. These vulnerabilities stem from improper handling of the cat parameter in the MediaGetSample function within the MP4Box component, which can lead to memory leaks...

PT-2026-43380

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. T...

Faction 访问控制错误漏洞

Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contained a access control vulnerability. This vulnerability stemmed from AccessControlInterceptor unconditionally calling invocation.invoke without checking vali...

MAL-2026-4306 Malicious code in auth0-sample-dus-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11085e4f685d863ed2e5196febd3ade6b5b64e18d19bb57d779d04e27a360df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in auth0-sample-dus-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e11085e4f685d863ed2e5196febd3ade6b5b64e18d19bb57d779d04e27a360df Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploit for Heap-based Buffer Overflow in Microsoft

the bug is at DnsQueryRaw function to be specific, inside DnsRa...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the core sequence parsing process. An attacker can cause a crash or denial of service by providing a specially crafted HEIF file that manipulates the stco.entrycount, saio.entrycount, and saiz.samplecount values to...

DEBIAN-CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...