20533 matches found
CVE-2026-15767
Summary of CVE-2026-15767 : A heap buffer overflow in libyuv used by Google Chrome on Windows allows remote code execution in the sandbox via a crafted video file. The issue is tied to Chrome prior to version 150.0.7871.125. In the connected advisories, Chrome’s July 2026 Stable Channel update li...
CVE-2026-54989
Use after free in Quality Windows Audio/Video Experience QWAVE service allows an authorized attacker to elevate privileges locally...
CVE-2026-49804
Heap-based buffer overflow in Windows USB Video Driver allows an unauthorized attacker to elevate privileges with a physical attack...
CVE-2026-49804 Windows USB Video Driver Elevation of Privilege Vulnerability
...
CVE-2026-49804
CVE-2026-49804 describes a heap-based buffer overflow in the Windows USB Video Driver that can allow an unauthorized attacker to elevate privileges via a physical attack. The vulnerability is characterized by a physical attack vector with low exploit complexity and the need for user interaction, ...
CVE-2026-49804 Windows USB Video Driver Elevation of Privilege Vulnerability
...
CVE-2026-54989 Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability
...
CVE-2026-54989
CVE-2026-54989 is a use-after-free in the Quality Windows Audio/Video Experience (QWAVE) service that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 metrics describe a Local attack with High impact on confidentiality, integrity, and availability, requiring LOW privil...
Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability
Use after free in Quality Windows Audio/Video Experience QWAVE service allows an authorized attacker to elevate privileges locally...
CVE-2026-15624
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...
CVE-2026-15624 nextlevelbuilder GoClaw invoke Endpoint create_video_byteplus.go bytePlusDownloadVideo server-side request forgery
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...
EUVD-2026-43608
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...
PT-2026-58730
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.125 Description A heap buffer overflow exists in the libyuv library. This issue allows a remote attacker to execute arbitrary code within a sandbox by providing a specially crafted video file...
CVE-2026-51821
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...
CVE-2026-51821
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...
CVE-2026-51821
Affected software: Shenzhou Shihan Video Conference System v1.0. Vulnerability: SQL Injection in the /user/getUserLogin endpoint. Root cause: Unsafely constructed SQL queries allow an attacker to inject arbitrary SQL. Impact: Remote attacker can execute arbitrary code with the system’s privileges...
CVE-2026-7544
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
EUVD-2026-43128
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
CVE-2026-7544 Mux Video Uploader <= 1.1.4 - Authenticated (Subscriber+) Information Exposure
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
CVE-2026-7544
Summary (CVE-2026-7544) : The Mux Video Uploader WordPress plugin (≤ v1.1.4) is vulnerable to Sensitive Information Exposure via muxvideo_enqueue_settings_script. Authenticated users with subscriber-level access or higher can extract sensitive data, including Mux API credentials. The CVE notes th...