Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.8 views

CVE-2026-8124

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidxboxread of the file src/isomedia/boxcodebase.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The...

5.5CVSS4.5AI score0.00159EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.12 views

PT-2026-46970

Name of the Vulnerable Software and Affected Versions 7-Zip versions 9.21 through 26.00 Description An uninitialized memory disclosure exists in the UEFI capsule .scap parser. The OpenCapsule function allocates a heap buffer based on an attacker-declared CapsuleImageSize up to 1 GiB without...

7.8CVSS5.6AI score0.00277EPSS
Exploits1References33
OSV
OSV
added 2026/03/27 2:18 p.m.6 views

CVE-2026-33759 AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/playlistsVideos.json.php endpoint returns the full video contents of any playlist by ID without any authentication or authorization check. Private playlists including watchlater and favorite types are...

5.3CVSS5.8AI score0.00295EPSS
Exploits1References4
CVE
CVE
added 2026/03/23 1:53 p.m.14 views

CVE-2026-33352

CVE-2026-33352 affects WWBN AVideo (pre-26.0). An unauthenticated SQL injection exists in objects/category.php::getAllCategories() via the doNotShowCats parameter. The code only strips single quotes and does not neutralize backslashes, allowing boundary-shifting in the SQL built by string concate...

9.8CVSS5.8AI score0.00431EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder