220 matches found
CVE-2026-9989
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. Chromium security severity: High...
CVE-2026-8573
Google Chrome on Windows is affected by CVE-2026-8573 due to an integer overflow in Codecs, enabling a remote attacker to potentially escape the sandbox via a crafted video file. Affected versions are Windows builds prior to 148.0.7778.168; remediation is to update to 148.0.7778.168 or newer. Chr...
Division by zero
Overview: Affected versions of this package are vulnerable to Division by zero in the qtdemux_audio_caps function of the isomp4 plugin when parsing MP4 audio tracks. An attacker can cause a denial of service by supplying crafted atom data that triggers an integer division by zero. Remediation: A fix...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability, which was caused by an out-of-bounds write issue in the Codecs component. This vulnerability could allow remote attackers to execute a sandbox escap...
nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
A flaw was found in NGINX's ngx_http_mp4_module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead ...
CVE-2026-6921
Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2026-5910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file...
CVE-2025-70299
A heap overflow in the avi_parse_input_file function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file...
CVE-2025-70303
CVE-2025-70303 concerns GPAC v2.4.0, where the uncv_parse_config() function is vulnerable to a heap overflow (CNVD and Red Hat listings corroborate as a DoS risk). Exploitation involves processing a crafted MP4 file, leading to denial of service. Connected sources consistently describe a DoS outc...
CVE-2025-41016
Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms//”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images...
CVE-2025-11216
Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. Chromium security severity: Low...
EUVD-2022-27213
Malicious code in bioql PyPI...
EUVD-2025-14622
Malicious code in bioql PyPI...
EUVD-2025-8988
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-7208
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information fr...
Linux Distros Unpatched Vulnerability : CVE-2019-20628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in...
Linux Distros Unpatched Vulnerability : CVE-2019-20632
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in...
Linux Distros Unpatched Vulnerability : CVE-2018-13302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In FFmpeg 4.0.1, improper handling of frame types other than EAC3_FRAME_TYPE_INDEPENDENT that have multiple independent substreams in the handle_eac3 function in...