| 651 | 7.5 | HIGH | Network | - | - | A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input. | New | CWE-121 Stack-based Buffer Overflow | CVE-2025-60474 | 2026-06-26 04:14 | 2026-06-25 |
| 652 | 5.0 | MEDIUM | Local | - | - | A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted… | New | CWE-416 Use After Free | CVE-2025-60466 | 2026-06-26 04:14 | 2026-06-25 |
| 653 | 5.5 | MEDIUM | Local | - | - | A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplyin… | New | CWE-476 NULL Pointer Dereference | CVE-2025-60473 | 2026-06-26 04:14 | 2026-06-25 |
| 654 | 7.8 | HIGH | Local | - | - | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privi… | New | CWE-78 OS Command | CVE-2026-46735 | 2026-06-26 04:14 | 2026-06-26 |
| 655 | 7.5 | HIGH | Network | - | - | Tenable Identity Exposure contains multiple unauthenticated API endpoints under /w/api/* that expose sensitive application configuration data including cleartext LDAP credentials, SAML configuration,… | New | CWE-306 Missing Authentication for Critical Function; CWE-524 Use of Cache Containing Sensitive Information | CVE-2026-13007 | 2026-06-26 04:10 | 2026-06-24 |
| 656 | 9.6 | CRITICAL | Network | - | - | A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker mess… | New | CWE-862 Missing Authorization | CVE-2026-11807 | 2026-06-26 04:10 | 2026-06-24 |
| 657 | 7.8 | HIGH | Local | - | - | A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack active administrative sessions due to an improper cache of … | New | CWE-287 Improper Authentication | CVE-2026-12112 | 2026-06-26 04:10 | 2026-06-24 |
| 658 | 4.3 | MEDIUM | Network | - | - | A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds r… | New | CWE-125 Out-of-bounds Read | CVE-2026-12891 | 2026-06-26 04:10 | 2026-06-24 |
| 659 | 4.4 | MEDIUM | Local | - | - | A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC extension slice NAL units, a 1-byte heap out-of-bounds re… | New | CWE-125 Out-of-bounds Read | CVE-2026-12892 | 2026-06-26 04:10 | 2026-06-24 |
| 660 | 8.8 | HIGH | Network | - | - | Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-41862 | 2026-06-26 04:10 | 2026-06-24 |