|
11
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2025-55645
|
2026-06-17 02:38 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
|
CWE-416
Use After Free
|
CVE-2025-55644
|
2026-06-17 02:37 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-55643
|
2026-06-17 02:37 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
8.6 |
HIGH
Network
|
-
|
-
|
An attacker with network-level access between the SUSE Virtualization
and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it
to bypass TLS as a secur…
|
CWE-295
Improper Certificate Validation
|
CVE-2025-71261
|
2026-06-17 02:37 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
8.6 |
HIGH
Network
|
-
|
-
|
A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-10649
|
2026-06-17 02:37 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
- |
|
-
|
-
|
To allow builds of Python to be run from an in-tree layout (rather than
an installed file layout), the VPATH variable is defined at build time
and used to locate certain landmarks - specifically,
Mod…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-12003
|
2026-06-17 02:37 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
7.8 |
HIGH
Local
|
-
|
-
|
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclos…
|
CWE-94
Code Injection
|
CVE-2026-24155
|
2026-06-17 02:37 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
7.8 |
HIGH
Local
|
-
|
-
|
NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalati…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-24228
|
2026-06-17 02:37 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
8.8 |
HIGH
Adjacent
|
-
|
-
|
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.
|
CWE-78
OS Command
|
CVE-2026-44932
|
2026-06-17 02:37 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false in the verify_dec…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-53776
|
2026-06-17 02:36 |
2026-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
