|
3441
|
8.8 |
HIGH
Network
|
dalibo
|
anonymizer
|
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…
|
CWE-89
SQL Injection
|
CVE-2026-9617
|
2026-06-2 09:40 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3442
|
6.8 |
MEDIUM
Network
|
gradio_project
|
gradio
|
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across…
|
CWE-384
Session Fixation
|
CVE-2026-48545
|
2026-06-2 09:34 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3443
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a …
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60495
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3444
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A heap use-after-free in the dasher_process function (/filters/dasher.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MPEG-2 file.
|
CWE-416
Use After Free
|
CVE-2025-60486
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3445
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A segmentation violation in the gf_isom_apple_set_tag_ex function (/isomedia/isom_write.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a cr…
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60485
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3446
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A NULL pointer dereference in the gf_ac4_pres_b_4_back_channels_present function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) …
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60483
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3447
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A NULL pointer dereference in the gf_odf_ac4_cfg_dsi_v1 function (/odf/descriptors.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted…
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60481
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3448
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2025-55664
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3449
|
8.1 |
HIGH
Network
|
-
|
-
|
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fie…
|
CWE-74
Injection
|
CVE-2026-45344
|
2026-06-2 06:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3450
|
9.6 |
CRITICAL
Network
|
-
|
-
|
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user…
|
CWE-94
Code Injection
|
CVE-2026-45311
|
2026-06-2 06:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
