Lucene search
K

364310 matches found

NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2025-55652

A heap buffer overflow in the gfisomvpconfignew function isomedia/avcext.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00202EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2025-55660

A stack overflow in the gfopusreadlength function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00202EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2025-55661

A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00202EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2025-55645

A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00235EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2025-55644

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2025-55643

A NULL pointer dereference in the TrackWriter handling component filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2025-55647

An Out-of-Memory in the mp4muxcencinsertpssh function filters/muxisom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2025-55648

A heap buffer overflow in the gfopusparsepacketheader function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00235EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2025-55649

A NULL pointer dereference in the gfmediamapesd function mediatools/isomtools.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2025-55642

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmxprocess function isomedia/isomwrite.c...

6.5CVSS0.00363EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 8:16 p.m.7 views

CVE-2025-55641

A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 6:16 p.m.17 views

CVE-2026-8356

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose...

6.9CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.10 views

CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its...

6.9CVSS0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.11 views

CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small...

6.9CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.14 views

CVE-2026-6047

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

6.9CVSS0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.15 views

CVE-2026-8357

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element pa...

7.8CVSS0.00139EPSS
Exploits0References6
NVD
NVD
added 2026/06/15 6:16 p.m.13 views

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

7.3CVSS0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 6:16 p.m.15 views

CVE-2026-6039

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose...

6.9CVSS0.00157EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.16 views

CVE-2026-49294

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

6.1CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 6:16 p.m.14 views

CVE-2026-47777

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 6:16 p.m.19 views

CVE-2026-20262

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS0.07683EPSS
Exploits2References2
NVD
NVD
added 2026/06/15 4:16 p.m.12 views

CVE-2026-9595

Impact: When a user-configured proxy on webpack-dev-server has a broad context e.g. / and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev server's Host/Origin...

5.3CVSS0.00163EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 4:16 p.m.8 views

CVE-2026-9862

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS0.00865EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 4:16 p.m.8 views

CVE-2026-9863

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

8.8CVSS0.00579EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 4:16 p.m.11 views

CVE-2026-5038

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe call does not propagate the stream destroy signal to the...

7.5CVSS0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 4:16 p.m.10 views

CVE-2026-8683

Mattermost Desktop App versions =6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application via including a script to call window.open on a very large URL. Mattermost Advisory ID:...

6.5CVSS0.00199EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 4:16 p.m.12 views

CVE-2025-15659

Contributor Cross Site Scripting XSS in Elizaibots = 1.0.2 versions...

6.5CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 4:16 p.m.12 views

CVE-2026-10634

Zephyr's native TCP stack iterates the global connection list in nettcpforeach subsys/net/ip/tcp.c using the SYSSLISTFOREACHCONTAINERSAFE macro, which caches a pointer to the next list node. Prior to this fix the function released tcplock while invoking the per-connection callback and re-acquired...

5.3CVSS0.00274EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 4:16 p.m.14 views

CVE-2025-15658

Administrator Cross Site Scripting XSS in WP Emmet = 0.3.4 versions...

5.9CVSS0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.17 views

CVE-2026-5233

Improper Control of Interaction Frequency vulnerability in MIA Technology Inc. Pizzy Library allows Flooding. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.12 views

CVE-2026-5079

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...

7.5CVSS0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 2:16 p.m.14 views

CVE-2026-5230

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

7.1CVSS0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.10 views

CVE-2026-6517

Mattermost Desktop App versions =6.1 5.5.13.0 fail to restrict the allow list of domains to which NTLM credentials were forwarded to in the Mattermost Desktop App which allows any user on a server without the image proxy enabled to intercept other users credentials via embedding an image that...

7.7CVSS0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.18 views

CVE-2026-5242

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

8.8CVSS0.00304EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.14 views

CVE-2026-52704

Improper Control of Generation of Code 'Code Injection' vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remote Code Inclusion. This issue affects WooCommerce PDF Invoice Builder: from n/a through 2.0.8...

10CVSS0.00314EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.14 views

CVE-2026-49064

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects GetPaid: from n/a through 2.8.49...

7.5CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.13 views

CVE-2026-49111

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

8.8CVSS0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.17 views

CVE-2026-49062

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...

8.8CVSS0.0029EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.11 views

CVE-2026-48969

Subscriber Broken Access Control in Really Simple SSL = 9.5.9 versions...

6.5CVSS0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.10 views

CVE-2018-25436

WordPress Plugin Baggage Freight Shipping Australia 0.1.0 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files by exploiting the upload-package.php endpoint. Attackers can submit POST requests with malicious file extensions to the uplo...

9.8CVSS0.00661EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 2:16 p.m.19 views

CVE-2016-20084

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

7.2CVSS0.00245EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.13 views

CVE-2018-25437

WordPress CherryFramework Themes 3.1.4 contains an information disclosure vulnerability that allows unauthenticated attackers to download sensitive backup files by accessing the downloadbackup.php endpoint. Attackers can directly access the downloadbackup.php script in the admin/datamanagement...

8.7CVSS0.00287EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.15 views

CVE-2019-25746

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS0.00226EPSS
Exploits0References4
NVD
NVD
added 2026/06/15 2:16 p.m.13 views

CVE-2025-64215

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.13 views

CVE-2016-20081

WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the filepath parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to acces...

8.7CVSS0.00641EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.17 views

CVE-2016-20079

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gatewa...

6.9CVSS0.00778EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.12 views

CVE-2016-20082

WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtestadmin.php with malicious action values to include files from the admin directory an...

6.9CVSS0.00326EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.11 views

CVE-2016-20083

WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxe...

6.9CVSS0.00138EPSS
Exploits0References3
NVD
NVD
added 2026/06/15 2:16 p.m.10 views

CVE-2016-20078

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like...

6.9CVSS0.00688EPSS
Exploits0References3
Total number of security vulnerabilities364310