Lucene search
K

60484 matches found

CVE
CVE
added 2026/03/20 10:48 p.m.12 views

CVE-2026-21732

CVE-2026-21732 affects the GPU shader compiler path used by Imagination Graphics DDK in various disclosures. The issue is described as an out-of-bounds write crash triggered by unusual GPU shader code, specifically when a web page contains shader input that is loaded into the GPU compiler process...

9.6CVSS5.9AI score0.00288EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/03/20 10:38 p.m.3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the setSliceHeaderIndex process. An attacker can cause a write operation to occur past the end of a heap allocation by submitting a specially crafted HEVC bitstream that manipulates the log2unitSize value aft...

6.8CVSS5.9AI score0.00232EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/20 10:20 p.m.3 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS6AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/20 9:50 p.m.6 views

pyLoad SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration

Summary The setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option controls a file path that is passed directly to subprocess.run in the thread manager's reconnect logic. A SETTINGS...

8.8CVSS6.7AI score0.00529EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/20 9:17 p.m.4 views

CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS0.00232EPSS
Exploits1References3
OSV
OSV
added 2026/03/20 9:17 p.m.4 views

DEBIAN-CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5CVSS5.2AI score0.00232EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 9:17 p.m.10 views

ALPINE-CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5CVSS5.4AI score0.00232EPSS
Exploits1References1
NVD
NVD
added 2026/03/20 9:17 p.m.5 views

CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

7.8CVSS0.00165EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/03/20 9:17 p.m.2 views

CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.9AI score0.00232EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 9:17 p.m.4 views

UBUNTU-CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/20 8:50 p.m.2 views

Directory Traversal

Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Directory Traversal via the serveStatic utility. An attacker can access arbitrary files from backend storage by sending specially crafted request...

8.7CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/03/20 8:43 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the GetPreview and resizeImage functions during image preview generation. An attacker can exhaust CPU and memory resources by uploading highly compressed images with extremely...

7.1CVSS5.9AI score0.00318EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 8:32 p.m.16 views

CVE-2026-33165

libde265 prior to v1.0.17 is affected by a heap out-of-bounds write triggered by a crafted HEVC bitstream. The root cause is a stale ctb_info.log2unitSize after an SPS change, where PicWidthInCtbsY and PicHeightInCtbsY remain constant while Log2CtbSizeY changes, causing set_SliceHeaderIndex to in...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:32 p.m.7 views

CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2026/03/20 8:32 p.m.5 views

CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.2AI score0.00232EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2026/03/20 8:32 p.m.1 views

CVE-2026-33165

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctbinfo.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay...

5.5CVSS5.7AI score0.00232EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/20 8:7 p.m.5 views

EUVD-2026-13782

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

5.8CVSS6AI score0.00165EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/20 8:7 p.m.3 views

CVE-2026-33144 GPAC MP4Box Heap Buffer Overflow Write in gf_xml_parse_bit_sequence_bs (NHML BS Parsing)

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

5.8CVSS6AI score0.00165EPSS
Exploits1References2
CVE
CVE
added 2026/03/20 8:7 p.m.10 views

CVE-2026-33144

GPAC MP4Box has a heap-based out-of-bounds write vulnerability in the gf_xml_parse_bit_sequence_bs function (utils/xml_bin_custom.c) when processing crafted NHML files containing BitSequence () elements. The issue exists prior to commit 86b0e36 and can be triggered by a specially crafted NHML fil...

7.8CVSS6AI score0.00165EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/20 8:7 p.m.3 views

CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

7.8CVSS5.7AI score0.00165EPSS
Exploits1
Rows per page
Query Builder