|
311
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-55651
|
2026-06-13 01:39 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312
|
7.5 |
HIGH
Network
|
gpac
|
gpac
|
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS …
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-52293
|
2026-06-13 01:39 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313
|
4.4 |
MEDIUM
Network
|
-
|
-
|
IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions (create, delete, get, lis…
New
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-47190
|
2026-06-13 01:24 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314
|
- |
|
-
|
-
|
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collecti…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45830
|
2026-06-13 01:23 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315
|
- |
|
-
|
-
|
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, d…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-45831
|
2026-06-13 01:23 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316
|
- |
|
-
|
-
|
All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 en…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45832
|
2026-06-13 01:23 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317
|
- |
|
-
|
-
|
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution.
New
|
-
|
CVE-2026-40677
|
2026-06-13 01:22 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
318
|
- |
|
-
|
-
|
A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-8828
|
2026-06-13 01:22 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
319
|
- |
|
-
|
-
|
Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4.
New
|
CWE-284
Improper Access Control
|
CVE-2026-44976
|
2026-06-13 01:20 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
320
|
7.5 |
HIGH
Network
|
-
|
-
|
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the creatio…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-48748
|
2026-06-13 01:18 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
