69 matches found
CVE-2026-34780
A flaw was found in Electron, a framework for building cross-platform desktop applications. An attacker capable of executing JavaScript in the main world, for instance through a cross-site scripting (XSS) vulnerability, could exploit this flaw. By passing VideoFrame objects from the WebCodecs API...
CVE-2026-34780
CVE-2026-34780 / GHSA-jfqg-hf23-qpw2: Electron context isolation bypass via VideoFrame transfer across contextBridge. If a preload script exposes a bridged VideoFrame to the main world (e.g., via contextBridge.exposeInMainWorld), an attacker with JavaScript in the main world (such as via XSS) ca...
Electron: Context Isolation bypass via contextBridge VideoFrame transfer
Impact: Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any...
RTSP Unauthenticated Stream Exposure Checker
This Python script uses the OpenCV library (cv2) to test whether an IP camera exposes its RTSP stream without authentication. It attempts to connect to the default RTSP endpoint rtsp://:554/default and checks if the stream can be opened and a video frame retrieved successfully. If the connection...
MiracleLinux 9 : thunderbird-128.4.0-1.el9_4.ML.1 (AXSA:2024-8973:27)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8973:27 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464) firefox:...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-53104)
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format. This can lead to out-of-bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. This plugin only works with Tenable.ot. Please visit...
EUVD-2008-5222
Malware in sbrugna...
EUVD-2011-0497
Malware in sbrugna...
EUVD-2022-41751
Malicious code in bioql PyPI...
CVE-2023-21193
In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-233006499...
CVE-2022-39212
Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. In affected versions an attacker could see the last video frame of any participant who has video disabled but a camera selected. It is recommended that the Nextcloud Talk app is upgraded to 13.0.8 or...
Amazon Linux 2 : thunderbird (ALAS-2025-2789)
The version of thunderbird installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2789 advisory. A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This...
Important: thunderbird
Issue Overview: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132. (CVE-2024-10458) An attacker could have caused a...
Important: thunderbird
Issue Overview: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132. (CVE-2024-10458) An attacker could have caused a...
Amazon Linux 2 : thunderbird (ALAS-2025-2765)
The version of thunderbird installed on the remote host is prior to 128.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2765 advisory. A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This...
CVE-2018-9354
In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of service due to divide by 0. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android that stems from a divide-by-zero error in the VideoFrameScheduler::PLL::fit method in the VideoFrameScheduler.cpp file, which could lead to a remote denial of service. No...
PT-2024-10640 · Unknown · Videoframescheduler
Name of the Vulnerable Software and Affected Versions: VideoFrameScheduler (affected versions not specified). Description: The issue is related to a possible remote denial of service due to a divide by 0 error in the VideoFrameScheduler::PLL::fit function in VideoFrameScheduler.cpp. This could lead ...
Mageia: Security Advisory (MGASA-2024-0350)
The remote host is missing an update for the...
MGASA-2024-0349 Updated nspr, nss, firefox & rust packages fix security vulnerabilities
Permission leak via embed or object elements (CVE-2024-10458). Use-after-free in layout with accessibility (CVE-2024-10459). Confusing display of origin for external protocol handler prompt (CVE-2024-10460). XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response...