|
3551
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2025-55664
|
2026-06-2 09:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3552
|
8.1 |
HIGH
Network
|
-
|
-
|
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fie…
|
CWE-74
Injection
|
CVE-2026-45344
|
2026-06-2 06:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3553
|
9.6 |
CRITICAL
Network
|
-
|
-
|
CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the run_tests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user…
|
CWE-94
Code Injection
|
CVE-2026-45311
|
2026-06-2 06:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3554
|
7.3 |
HIGH
Network
|
-
|
-
|
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remo…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-39292
|
2026-06-2 06:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3555
|
7.3 |
HIGH
Network
|
-
|
-
|
An issue in SMSGate sms-core<=2.1.13.6 allows a remote attacker to execute arbitrary code via the Cmpp7FDeliverRequestMessageCodec.java component
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-37579
|
2026-06-2 06:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3556
|
6.5 |
MEDIUM
Network
|
streamlink
|
streamlink
|
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries an…
|
CWE-22
Path Traversal
|
CVE-2026-44353
|
2026-06-2 05:14 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3557
|
5.5 |
MEDIUM
Local
|
wireshark
|
wireshark
|
ROHC protocol dissector crash in Wireshark 4.6.0 to 4.6.5 and 4.4.0 to 4.4.15 allows denial of service
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-9759
|
2026-06-2 04:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3558
|
7.3 |
HIGH
Network
|
-
|
-
|
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths.
The header injection rule was ineffective at blocking header injections in the r…
|
CWE-113
CWE-790
HTTP Response Splitting
|
CVE-2026-9658
|
2026-06-2 04:16 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3559
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without…
|
-
|
CVE-2026-9092
|
2026-06-2 04:16 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3560
|
4.3 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox m…
|
CWE-285
Improper Authorization
|
CVE-2026-48810
|
2026-06-2 04:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
