| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-50869 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request. | ||
| CVE-2026-49954 | Hig | 0.47 | 7.2 | 0.01 | Jun 15, 2026 | Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute.… | ||
| CVE-2026-49953 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a… | ||
| CVE-2026-49952 | Cri | 0.52 | 9.1 | 0.01 | Jun 15, 2026 | Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter… | ||
| CVE-2026-48114 | Cri | 0.57 | 9.8 | 0.00 | Jun 15, 2026 | Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against… | ||
| CVE-2026-47835 | Hig | 0.49 | 8.6 | 0.00 | Jun 15, 2026 | In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected… | ||
| CVE-2026-45390 | Cri | 0.59 | 9.1 | 0.00 | Jun 15, 2026 | In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file… | ||
| CVE-2026-45389 | Cri | 0.59 | 9.1 | 0.00 | Jun 15, 2026 | In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and… | ||
| CVE-2026-45388 | Cri | 0.59 | 9.1 | 0.00 | Jun 15, 2026 | In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage). | ||
| CVE-2026-41708 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX… | ||
| CVE-2026-39197 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload. | ||
| CVE-2026-39196 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements. | ||
| CVE-2026-39118 | Hig | 0.55 | 8.4 | 0.00 | Jun 15, 2026 | An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality. | ||
| CVE-2026-39007 | Hig | 0.49 | 7.5 | 0.00 | Jun 15, 2026 | An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component. | ||
| CVE-2026-39006 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component. | ||
| CVE-2026-38812 | Cri | 0.64 | 9.8 | 0.00 | Jun 15, 2026 | RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information. | ||
| CVE-2026-38329 | Cri | 0.57 | 9.8 | 0.01 | Jun 15, 2026 | Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a… | ||
| CVE-2026-38065 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter. | ||
| CVE-2026-38064 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter. | ||
| CVE-2026-38063 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter. | ||
| CVE-2026-38062 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter. | ||
| CVE-2026-38061 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter. | ||
| CVE-2026-38060 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter. | ||
| CVE-2026-37216 | Med | 0.40 | 6.1 | 0.00 | Jun 15, 2026 | Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add. | ||
| CVE-2026-36933 | Med | 0.44 | 6.8 | 0.00 | Jun 15, 2026 | An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature. | ||
| CVE-2026-36670 | Hig | 0.57 | 8.8 | 0.00 | Jun 15, 2026 | A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php. | ||
| CVE-2026-36537 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2026 | ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this… | ||
| CVE-2026-36521 | — | Med | 0.40 | 6.1 | 0.00 | Jun 15, 2026 | PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module. | |
| CVE-2026-36213 | Hig | 0.51 | 7.8 | 0.00 | Jun 15, 2026 | An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component. | ||
| CVE-2026-30121 | Cri | 0.52 | 9.1 | 0.00 | Jun 15, 2026 | remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability. | ||
| CVE-2026-30120 | Cri | 0.57 | 9.8 | 0.01 | Jun 15, 2026 | remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability. | ||
| CVE-2026-11931 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600). To remediate this… | ||
| CVE-2025-70102 | Med | 0.41 | 6.3 | 0.00 | Jun 15, 2026 | A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option… | ||
| CVE-2025-68713 | Hig | 0.52 | 8.0 | 0.00 | Jun 15, 2026 | An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files… | ||
| CVE-2025-56814 | Hig | 0.51 | 7.8 | 0.00 | Jun 15, 2026 | A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters. | ||
| CVE-2025-55663 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55661 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55660 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55652 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55650 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55649 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55648 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55647 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55645 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55644 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55643 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2025-55642 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c). | ||
| CVE-2025-55641 | Med | 0.36 | 5.5 | 0.00 | Jun 15, 2026 | A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||
| CVE-2026-48817 | 0.00 | — | 0.00 | Jun 15, 2026 | ### Summary When dispatching a request, `HTTPEndpoint` selects the handler by lowercasing the HTTP method and looking it up as an attribute with `getattr`, without restricting the lookup to a known set of HTTP verbs. When an `HTTPEndpoint` subclass is registered through… | |||
| CVE-2026-48125 | 0.00 | — | 0.00 | Jun 15, 2026 | ### Summary A regular expression denial-of-service (ReDoS) vulnerability has been discovered in `ua-parser-js` when using the Client Hints API. By sending a crafted `Sec-CH-UA-Model` header to an application that calls `UAParser(headers).withClientHints()`, an attacker can… |
- risk 0.64cvss 9.8epss 0.01
An issue in the api/plugin.php component of Bludit v3.19.0 allows attackers to execute a directory traversal via supplying a crafted request.
- risk 0.47cvss 7.2epss 0.01
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute.…
- risk 0.42cvss 6.5epss 0.00
Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a…
- risk 0.52cvss 9.1epss 0.01
Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gain unauthorized access to database backup and restore functionality by exploiting a shared cryptographic key between UCenter…
- risk 0.57cvss 9.8epss 0.00
Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthenticated SQL injection in the /harvesterRegistration endpoint. HarvesterRegistration.dbInsert() builds an INSERT against…
- risk 0.49cvss 8.6epss 0.00
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected…
- risk 0.59cvss 9.1epss 0.00
In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar(1) rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file…
- risk 0.59cvss 9.1epss 0.00
In OCaml-TLS before 2.1.0, the server implementation does insufficient checks of the certificate provided by the client (when doing client authentication), which allows impersonation with certificates that are not meant for client authentication (because of KeyUsage and…
- risk 0.59cvss 9.1epss 0.00
In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).
- risk 0.49cvss 7.5epss 0.00
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX…
- risk 0.42cvss 6.5epss 0.00
An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.
- risk 0.64cvss 9.8epss 0.00
Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the set_uri_query parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements.
- risk 0.55cvss 8.4epss 0.00
An issue in Iru, Inc Kandji Agent before v.4.7.5(5374) allows a local attacker to escalate privileges via a client validation gap to invoke restricted agent functionality.
- risk 0.49cvss 7.5epss 0.00
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.
- risk 0.64cvss 9.8epss 0.01
An issue in SNMP4J-Agent 3.8.3 allows a remote attacker to execute arbitrary code via the snmp4jCfgStoragePath component.
- risk 0.64cvss 9.8epss 0.00
RuoYi v4.8.2 is vulnerable to SQL Injection via the /tool/gen/createTable endpoint. The issue affects the code generation module and may allow an authenticated attacker with administrative privileges to access sensitive database information.
- risk 0.57cvss 9.8epss 0.01
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a…
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter.
- risk 0.64cvss 9.8epss 0.01
Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter.
- risk 0.40cvss 6.1epss 0.00
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
- risk 0.44cvss 6.8epss 0.00
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
- risk 0.57cvss 8.8epss 0.00
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.
- risk 0.64cvss 9.8epss 0.01
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this…
- risk 0.40cvss 6.1epss 0.00
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
- risk 0.51cvss 7.8epss 0.00
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
- risk 0.52cvss 9.1epss 0.00
remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.
- risk 0.57cvss 9.8epss 0.01
remotion-dev remotion v4.0.409 was discovered to contain a remote code execution (RCE) vulnerability.
- risk 0.36cvss 5.5epss 0.00
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions (0644) instead of owner-restricted permissions (0600). To remediate this…
- risk 0.41cvss 6.3epss 0.00
A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option…
- risk 0.52cvss 8.0epss 0.00
An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files…
- risk 0.51cvss 7.8epss 0.00
A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters.
- risk 0.36cvss 5.5epss 0.00
A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.00
A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- risk 0.42cvss 6.5epss 0.00
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c).
- risk 0.36cvss 5.5epss 0.00
A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- CVE-2026-48817Jun 15, 2026risk 0.00cvss —epss 0.00
### Summary When dispatching a request, `HTTPEndpoint` selects the handler by lowercasing the HTTP method and looking it up as an attribute with `getattr`, without restricting the lookup to a known set of HTTP verbs. When an `HTTPEndpoint` subclass is registered through…
- CVE-2026-48125Jun 15, 2026risk 0.00cvss —epss 0.00
### Summary A regular expression denial-of-service (ReDoS) vulnerability has been discovered in `ua-parser-js` when using the Client Hints API. By sending a crafted `Sec-CH-UA-Model` header to an application that calls `UAParser(headers).withClientHints()`, an attacker can…