30 matches found
GO-2026-4989 MediaMTX affected by CVE-2026-27143 due to vulnerable dependency in github.com/bluenviron/mediamtx
MediaMTX affected by CVE-2026-27143 due to vulnerable dependency in github.com/bluenviron/mediamtx...
EUVD-2026-29761
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the...
CVE-2026-34654
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the...
GHSA-2CCX-CJJH-R2J8 MediaMTX affected by CVE-2026-27143 due to vulnerable dependency
Summary Release 1.17.1 seems affected by CVE-2026-27143. golang 1.25.9 seems to solve the issue. Is there any new release planned? Details See https://nvd.nist.gov/vuln/detail/CVE-2026-27143...
Multiple vulnerabilities in silex technology SD-330AC and AMC Manager
Overview SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below. Stack-based buffer overflow in processing the redirect URLs CWE-121 - CVE-2026-32955 Heap-based buffer overflow in processing the redirect URLs CWE-122 - CVE-2026-32956 Missing...
CVE-2026-23654
Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network...
abilian-sbe (>=1.1.0 <=1.1.12), acfx (>=0.3.1 <=0.3.7.dev1) +697 more potentially affected by CVE-2025-66221 +1 more via werkzeug (>=3.0.0 <=3.1.5)
werkzeug PYPI version =3.0.0, =1.1.0, =0.3.1, =4.11.0, =1.0.0, =0.1.3, =0.2.4.1, =0.0.1, =1.3.0, =0.1.0, =0.1.1, =0.5.7, =0.1.0, =0.4.0 and more Source cves: CVE-2025-66221, CVE-2026-27199 Source advisory: SNYK:PYTHON-WERKZEUG-15322677...
@enclave-vm/broker (=2.10.0), @enclave-vm/runtime (=2.10.0) potentially affected by CVE-2026-25533 via @enclave-vm/core (=2.10.0)
@enclave-vm/core NPM version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on @enclave-vm/core and may be impacted: - @enclave-vm/broker =2.10.0 - @enclave-vm/runtime =2.10.0 Source cves: CVE-2026-25533 Source advisory:...
GHSA-MRFV-M5WM-5W6W libsodium has Incomplete List of Disallowed Inputs
libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisory...
@cubenameservice/ui (>=0.0.1 <=0.0.14), @ensdomains/ui (>=3.0.40 <=3.3.35) +21 more potentially affected by unknown CVE via @ensdomains/mock (=2.1.51)
@ensdomains/mock NPM version =2.1.51 is affected by a known vulnerability. The following packages have a transitive dependency on @ensdomains/mock and may be impacted: - @cubenameservice/ui =0.0.1, =3.0.40, =0.0.29, =3.3.32, =0.0.30, =3.3.27, =0.0.1, =0.0.1, =0.0.27, =3.3.33, =0.0.3, =0.0.3,...
EUVD-2025-180210
File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency...
EUVD-2025-29450
Malicious code in bioql PyPI...
Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow
...
mitmproxy binaries embed a vulnerable python-hyper/h2 dependency
mitmproxy 12.1.1 and below embed python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation. This enables request smuggling attacks when mitmproxy is in a configuration where it translates HTTP/2 to HTTP/1. For example, this affects reverse proxies to http:// backends. It does not...
MAL-2025-2585 Malicious code in vulnerable-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39aee709a198819a063291a6ebb8c985b0335af324647cdc6492671701bfb294 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in vulnerable-dependency (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 39aee709a198819a063291a6ebb8c985b0335af324647cdc6492671701bfb294 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-GMC6-FWG3-75M5 Mimekit has vulnerable dependency that can lead to denial of service
Summary Denial of service vulnerability. Details See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312 PoC Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated Impact Denial of servi...
0.edsql (>=1.0.49 <=1.0.50), 10secondsofcode-custom (=1.0.0) +1916 more potentially affected by CVE-2023-32695 via socket.io-parser (>=4.0.5 <=4.2.2)
socket.io-parser NPM version =4.0.5, =1.0.49, =1.0.0, =0.0.28, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.1, =0.8.2, =1.0.0, =0.1.13, =0.0.4, =0.0.9 and more Source cves: CVE-2023-32695 Source advisory: OSV:GHSA-CQMJ-92XF-R6R9...
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
Summary The CVE How to fix it Very simple, just upgrade json-path package to 2.8.0 from 2.7.0 inside karate-core pom.xml ;...