CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36 matches found

DEBIAN-CVE-2026-12891

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS5.7AI score0.00265EPSS

Exploits0References1

OSV•added 6 days ago•3 views

UBUNTU-CVE-2026-12891

4.3CVSS5.7AI score0.00265EPSS

Exploits0References6

Cvelist•added 6 days ago•28 views

CVE-2026-12891 Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser

4.3CVSS0.00265EPSS

Exploits0References3

EUVD•added 6 days ago•6 views

EUVD-2026-38606

4.3CVSS5.7AI score0.00265EPSS

Exploits0References3

Debian CVE•added 6 days ago•6 views

CVE-2026-12891

4.3CVSS5.7AI score0.00265EPSS

Exploits0

ATTACKERKB•added 6 days ago•4 views

CVE-2026-12891

4.3CVSS5.7AI score0.00265EPSS

Exploits0References4

RedhatCVE•added 6 days ago•5 views

CVE-2026-12891

4.3CVSS5.7AI score0.00265EPSS

Exploits0References4

Positive Technologies•added 6 days ago•10 views

PT-2026-51589

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the H.266 parser occurs when processing a malformed H.266/VVC video stream containing a crafted aspect ratio indicator value. This leads to an out-of-bounds read o...

4.3CVSS5.7AI score0.00265EPSS

Exploits0References9

Positive Technologies•added 2026/03/26 12:0 a.m.•12 views

PT-2026-28534

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description The AVideo platform’s AI plugin contains a flaw in the save.json.php endpoint. This endpoint loads AI response objects using the $ REQUEST'id' parameter, which is controlled by the attacker,...

4.3CVSS5.9AI score0.00214EPSS

Exploits1References5

Tenable Nessus•added 2026/01/22 12:0 a.m.•5 views

Azure Linux 3.0 Security Update: exiv2 (CVE-2024-25112)

The version of exiv2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25112 advisory. - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of...

5.5CVSS5.5AI score0.00222EPSS

Exploits0References2

RedhatCVE•added 2025/10/20 6:23 p.m.•5 views

CVE-2025-62430

ClipBucket v5 is an open source video sharing platform. ClipBucket v5 through build 5.5.2 145 allows stored cross-site scripting XSS in multiple video and photo metadata fields. For videos the Tags field and the Genre, Actors, Producer, Executive Producer, and Director fields in Movieinfos accept...

5.4CVSS5.9AI score0.00239EPSS

Exploits1References1

NVD•added 2025/10/17 6:15 p.m.•3 views

CVE-2025-62430

5.4CVSS0.00239EPSS

Exploits1References2

EUVD•added 2025/10/17 5:50 p.m.•6 views

EUVD-2025-34915

5.4CVSS5.4AI score0.00239EPSS

Exploits1References2

Cvelist•added 2025/10/17 5:50 p.m.•6 views

CVE-2025-62430 ClipBucket v5 stored XSS via video/photo fields

5.4CVSS0.00239EPSS

Exploits1References2

Vulnrichment•added 2025/10/17 5:50 p.m.•3 views

CVE-2025-62430 ClipBucket v5 stored XSS via video/photo fields

5.4CVSS5.5AI score0.00239EPSS

Exploits1References2

OSV•added 2025/10/17 5:50 p.m.•3 views

CVE-2025-62430 ClipBucket v5 stored XSS via video/photo fields

5.4CVSS5.9AI score0.00239EPSS

Exploits1References4

CNNVD•added 2025/10/17 12:0 a.m.•3 views

ClipBucket 跨站脚本漏洞

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A cross-site scripting vulnerability exists in ClipBucket version 5.5.2 145 and prior versions, which stems from multiple video and photo metadata fields that are not...

5.4CVSS5.9AI score0.00239EPSS

Exploits1References3

Tenable Nessus•added 2025/08/25 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2015-6602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a 1 MP3 or 2 MP4 file, as demonstrated by an...

9.3CVSS6.5AI score0.0316EPSS

Exploits0References2

vulnersOsv•added 2025/04/30 5:41 p.m.•5 views

audio-video-metadata (>=0.1.0 <=0.1.7), fselect (>=0.3.2 <=0.8.11) +4 more potentially affected by unknown CVE via mp3-metadata (>=0.1.1 <=0.3.4)

mp3-metadata CARGO version =0.1.1, =0.1.0, =0.3.2, =0.1.2, =0.1.0, =0.2.2 Source cves: unknown CVE Source advisory: OSV:GHSA-927Q-G9W9-PM54...

5.8AI score

Exploits0

OSV•added 2024/07/08 4:15 p.m.•5 views

AZL-43224 CVE-2024-39695 affecting package exiv2 for versions less than 0.28.3-1

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds...

6.5CVSS5.7AI score0.00561EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by