Lucene search
+L

20521 matches found

Cvelist
Cvelist
added 4 days ago23 views

CVE-2026-54989 Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability

...

7CVSS0.00204EPSS
Exploits0References1
CVE
CVE
added 4 days ago8 views

CVE-2026-54989

CVE-2026-54989 is a use-after-free in the Quality Windows Audio/Video Experience (QWAVE) service that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 metrics describe a Local attack with High impact on confidentiality, integrity, and availability, requiring LOW privil...

7CVSS6AI score0.00204EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago8 views

Quality Windows Audio/Video Experience (QWAVE) Elevation of Privilege Vulnerability

Use after free in Quality Windows Audio/Video Experience QWAVE service allows an authorized attacker to elevate privileges locally...

7CVSS6.1AI score0.00204EPSS
Exploits0
NVD
NVD
added 4 days ago6 views

CVE-2026-15624

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...

6.5CVSS0.00209EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-15624 nextlevelbuilder GoClaw invoke Endpoint create_video_byteplus.go bytePlusDownloadVideo server-side request forgery

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...

6.5CVSS0.00209EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-43608

SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...

9.8CVSS6.4AI score0.00527EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-58730

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.125 Description A heap buffer overflow exists in the libyuv library. This issue allows a remote attacker to execute arbitrary code within a sandbox by providing a specially crafted video file...

8.8CVSS6.4AI score0.00328EPSS
Exploits0References19
NVD
NVD
added 5 days ago6 views

CVE-2026-51821

SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...

9.8CVSS0.00527EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-51821

SQL Injection vulnerability in Shenzhou Shihan Video Conference System v.1.0 allows a remote attacker to execute arbitrary code via the /user/getUserLogin endpoint...

0.00527EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-51821

Affected software: Shenzhou Shihan Video Conference System v1.0. Vulnerability: SQL Injection in the /user/getUserLogin endpoint. Root cause: Unsafely constructed SQL queries allow an attacker to inject arbitrary SQL. Impact: Remote attacker can execute arbitrary code with the system’s privileges...

9.8CVSS6.4AI score0.00527EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-7544

The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...

4.3CVSS0.00237EPSS
Exploits0References6
EUVD
EUVD
added last week7 views

EUVD-2026-43128

The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References6
CVE
CVE
added last week14 views

CVE-2026-7544

Summary (CVE-2026-7544) : The Mux Video Uploader WordPress plugin (≤ v1.1.4) is vulnerable to Sensitive Information Exposure via muxvideo_enqueue_settings_script. Authenticated users with subscriber-level access or higher can extract sensitive data, including Mux API credentials. The CVE notes th...

4.3CVSS6.1AI score0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added last week36 views

CVE-2026-7544 Mux Video Uploader <= 1.1.4 - Authenticated (Subscriber+) Information Exposure

The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...

4.3CVSS0.00237EPSS
Exploits0References6
OSV
OSV
added 2026/07/11 1:26 a.m.3 views

MINI-H263-QGXH-435F

Bulletin has no description...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
EUVD
EUVD
added 2026/07/10 4:37 p.m.7 views

EUVD-2026-42952

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...

5.1CVSS6.2AI score0.00269EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 4:37 p.m.30 views

CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...

5.1CVSS0.00269EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 4:37 p.m.4 views

CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...

5.1CVSS6.2AI score0.00269EPSS
Exploits0References5
NVD
NVD
added 2026/07/10 7:16 a.m.7 views

CVE-2026-12123

The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.8.5 via the 'vdl' parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locatio...

6.4CVSS0.00246EPSS
Exploits0References12
Patchstack
Patchstack
added 2026/07/10 6:40 a.m.5 views

WordPress All-in-One Video Gallery plugin <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by KoreaInfoSec - Korea University in WordPress Plugin All-in-One Video Gallery versions = 4.8.5...

6.4CVSS6.1AI score0.00246EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder