364 matches found
CVE-2026-8714
A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error, causing the RTSP service to enter non-responsive state. Successful exploitation may cause the RTS...
CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token
LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...
GHSA-X7MM-9VVV-64W8 unhead: Streaming SSR `streamKey` injected into inline script without identifier validation
Summary createStreamableHead streamKey interpolated its streamKey argument directly into the streaming SSR bootstrap and suspense-chunk inline scripts without identifier validation or escaping. If an application forwards untrusted data into that configuration value, the rendered scripts become a...
Wowza Media Systems Wowza Streaming Engine 跨站请求伪造漏洞
Wowza Media Systems Wowza Streaming Engine is a powerful, customizable, and scalable media server software developed by Wowza Media Systems. It enables reliable streaming of high-quality video and audio to any device. Version 4.5.0 of Wowza Streaming Engine contains a cross-site request forgeing...
BIT-MASTODON-2025-62176 Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62176
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
EUVD-2025-34111
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62176 Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
CVE-2025-62176
Summary : The Mastodon streaming server vulnerability CVE-2025-62176 allows OAuth clients lacking the read:statuses scope to subscribe to public timelines by using any valid authentication token. Affected versions : prior to 4.4.6, 4.3.14, and 4.2.27. Root cause : streaming server accepts events ...
CVE-2025-62176 Mastadon streaming server allows OAuth clients without the `read` scope to subscribe to public channels
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allow...
EUVD-2006-1460
Malware in sbrugna...
EUVD-2006-1459
Malware in sbrugna...
EUVD-2003-0415
Malware in sbrugna...
EUVD-2004-0169
Malware in sbrugna...
EUVD-2003-0418
Malware in sbrugna...
EUVD-2019-3231
Malware in sbrugna...
EUVD-2003-0496
Malware in sbrugna...
EUVD-2003-0047
Malware in sbrugna...
EUVD-2005-2196
Malware in sbrugna...
EUVD-2004-0823
Malware in sbrugna...