Export limit exceeded: 359197 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359197 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55661 | 1 Gpac | 1 Mp4box | 2026-06-18 | 5.5 Medium |
| A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-55641 | 1 Gpac | 2 Gpac, Mp4box | 2026-06-18 | 5.5 Medium |
| A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-55642 | 1 Gpac | 1 Gpac | 2026-06-18 | 6.5 Medium |
| GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c). | ||||
| CVE-2025-55647 | 1 Gpac | 1 Gpac | 2026-06-18 | 5.5 Medium |
| An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-55648 | 1 Gpac | 1 Gpac | 2026-06-18 | 5.5 Medium |
| A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-55649 | 1 Gpac | 2 Gpac, Mp4box | 2026-06-18 | 5.5 Medium |
| A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-55663 | 2026-06-18 | 5.5 Medium | ||
| A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-56814 | 2026-06-18 | 7.8 High | ||
| A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters. | ||||
| CVE-2025-68713 | 2026-06-18 | 8 High | ||
| An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers. | ||||
| CVE-2025-70102 | 2026-06-18 | 6.3 Medium | ||
| A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts. | ||||
| CVE-2026-8357 | 1 The Document Foundation | 1 Libreoffice | 2026-06-18 | 7.8 High |
| LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting. | ||||
| CVE-2026-12162 | 1 Devolutions | 1 Remote Desktop Manager | 2026-06-18 | 5.5 Medium |
| Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain. | ||||
| CVE-2026-12299 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-18 | 5.4 Medium |
| JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-0130 | 1 Google | 1 Android | 2026-06-18 | 3.5 Low |
| In RtcpChunk::decodeRtcpChunk, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-20253 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2026-06-17 | 9.8 Critical |
| In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials. Splunk Enterprise versions 9.4 and earlier are not affected. If you cannot immediately upgrade to a fixed version, you can mitigate this vulnerability by disabling the PostgreSQL sidecar service. | ||||
| CVE-2025-55652 | 2026-06-17 | 5.5 Medium | ||
| A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2025-55660 | 2026-06-17 | 5.5 Medium | ||
| A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | ||||
| CVE-2026-10828 | 1 Moxa | 2 Nport W2150a-w4 W2250a-w4 Series, Nport W2150a W2250a Series | 2026-06-17 | N/A |
| A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An attacker could exploit this vulnerability by sending crafted input to the web service, causing unintended memory disclosure. Successful exploitation may allow an attacker to leak sensitive memory contents and determine critical memory addresses, potentially bypassing Address Space Layout Randomization (ASLR) protections. | ||||
| CVE-2026-12302 | 1 Mozilla | 1 Firefox | 2026-06-17 | 6.5 Medium |
| Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. | ||||
| CVE-2026-12313 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | 4.7 Medium |
| Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. | ||||