1222 matches found
Schneider Electric U.motion Builder - SQL Injection
The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...
PT-2026-42737
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle playlist endpoint function hooked to template redirect accepting a user-controlled playlist ID via the audioigniter playlist id query var or t...
libheif 缓冲区错误漏洞
LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability arises from the fact that the number of samples declared in the saiz frame exceeds the...
MAL-2026-4471 Malicious code in @zesyn/zeditor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c8e293ad2413e2e04b9ce3411d1650381143b104c40bbcb4a17c1140c9ef912 The package advertises itself as a browser rich-text editor, but on every new Zeditor... instantiation it waits 2 seconds and then POSTs end-user...
Astra Linux - уязвимость в liblivemedia
Live555 version 1.08 does not handle Matroska and Ogg files properly. Sending two consecutive RTSP SETUP commands for the same track causes a Use-After-Free error and results in a crash of the daemon...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: The issue of error recovery leading to data corruption on ESE devices has been fixed. Extent Space Efficient ESE or thin-provisioned volumes need to be formatted on demand during normal IO processing. The...
webkitgtk: A website may be able to track users through Safari web extensions
A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...
CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title
soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...
CVE-2026-44482
CVE-2026-44482 affects the SoundCloud Client app (soundcloud-rpc) built on Electron. Before 0.1.8, a track title could contain an HTML payload that, via the preload API window.soundcloudAPI.sendTrackUpdate and IPC to the Electron main process, is rendered as raw HTML in privileged views with Node...
webkitgtk: A website may be able to track users through Safari web extensions
A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...
GHSA-98QH-XJC8-98PQ vulnerabilities
Vulnerabilities for packages: flyway, kayenta, keycloak-fips, druid, ghidra, nacos, dependency-track-apiserver, guacamole-client, geoserver, camunda, dependency-track, flyway-fips, camunda-zeebe, apicurio-registry, apache-hop, debezium, hono, apache-hop-fips, seata, nacos-docker, nuxeo,...
CVE-2026-42198 vulnerabilities
Vulnerabilities for packages: flyway, kayenta, keycloak-fips, druid, ghidra, nacos, dependency-track-apiserver, guacamole-client, geoserver, camunda, dependency-track, flyway-fips, camunda-zeebe, apicurio-registry, apache-hop, debezium, hono, apache-hop-fips, seata, nacos-docker, nuxeo,...
CVE-2026-42198 vulnerabilities
Vulnerabilities for packages: debezium, thingsboard, druid, flyway, dependency-track, apicurio-registry, sonarqube, keycloak...
GHSA-98QH-XJC8-98PQ vulnerabilities
Vulnerabilities for packages: debezium, thingsboard, druid, flyway, dependency-track, apicurio-registry, sonarqube, keycloak...
CVE-2026-7739
A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxerprev/tsMuxer/hevc.cpp. This manipulation of the argument trackid causes denial of service. The attack requires local access. The exploit has...
CVE-2026-7740 justdan96 tsMuxer vvc.cpp setFPS denial of service
A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument trackid leads to denial of service. An attack has to be approached locally. The exploit has been disclosed...
EUVD-2026-26923
A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument trackid leads to denial of service. An attack has to be approached locally. The exploit has been disclosed...
CVE-2026-7740
The CVE concerns justdan96 tsMuxer up to 2.7.0. The vulnerability is in VvcVpsUnit::setFPS (tsMuxer/vvc.cpp) where manipulation of the track_id argument can cause a denial of service. Local attack vector; exploit has been publicly disclosed. Affected products are noted as no longer maintained by ...
CVE-2026-7739 justdan96 tsMuxer hevc.cpp setFPS denial of service
A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxerprev/tsMuxer/hevc.cpp. This manipulation of the argument trackid causes denial of service. The attack requires local access. The exploit has...