20521 matches found
CVE-2026-54989 Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability
...
CVE-2026-54989
CVE-2026-54989 is a use-after-free in the Quality Windows Audio/Video Experience (QWAVE) service that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 metrics describe a Local attack with High impact on confidentiality, integrity, and availability, requiring LOW privil...
Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability
Use after free in Quality Windows Audio/Video Experience QWAVE service allows an authorized attacker to elevate privileges locally...
CVE-2026-15624
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...
CVE-2026-15624 nextlevelbuilder GoClaw invoke Endpoint create_video_byteplus.go bytePlusDownloadVideo server-side request forgery
A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...
EUVD-2026-43608
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...
PT-2026-58730
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.125 Description A heap buffer overflow exists in the libyuv library. This issue allows a remote attacker to execute arbitrary code within a sandbox by providing a specially crafted video file...
CVE-2026-51821
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...
CVE-2026-51821
SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...
CVE-2026-51821
Affected software: Shenzhou Shihan Video Conference System v1.0. Vulnerability: SQL Injection in the /user/getUserLogin endpoint. Root cause: Unsafely constructed SQL queries allow an attacker to inject arbitrary SQL. Impact: Remote attacker can execute arbitrary code with the system’s privileges...
CVE-2026-7544
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
EUVD-2026-43128
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
CVE-2026-7544
Summary (CVE-2026-7544) : The Mux Video Uploader WordPress plugin (≤ v1.1.4) is vulnerable to Sensitive Information Exposure via muxvideo_enqueue_settings_script. Authenticated users with subscriber-level access or higher can extract sensitive data, including Mux API credentials. The CVE notes th...
CVE-2026-7544 Mux Video Uploader <= 1.1.4 - Authenticated (Subscriber+) Information Exposure
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
MINI-H263-QGXH-435F
Bulletin has no description...
EUVD-2026-42952
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...
CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...
CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...
CVE-2026-12123
The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...
WordPress All-in-One Video Gallery plugin <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by KoreaInfoSec - Korea University in WordPress Plugin All-in-One Video Gallery versions = 4.8.5...