|
531
|
5.3 |
MEDIUM
Local
|
-
|
-
|
Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-52721
|
2026-06-16 06:09 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
532
|
7.1 |
HIGH
Network
|
-
|
-
|
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a leng…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-52722
|
2026-06-16 06:09 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
533
|
7.1 |
HIGH
Network
|
-
|
-
|
A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variab…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-53704
|
2026-06-16 06:09 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
534
|
7.1 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. …
|
CWE-125
Out-of-bounds Read
|
CVE-2026-53703
|
2026-06-16 06:09 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
535
|
7.6 |
HIGH
Network
|
-
|
-
|
A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 * block_samples * ch…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-53705
|
2026-06-16 06:09 |
2026-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
536
|
7.7 |
HIGH
Network
|
-
|
-
|
Koel is a free, open-source music streaming solution. Prior to version 9.3.5, Koel validates the podcast feed URL via the SafeUrl rule (DNS resolution + public IP check), but the individual episode <…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-47260
|
2026-06-16 06:08 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
537
|
7.6 |
HIGH
Network
|
-
|
-
|
SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x b…
|
CWE-89
SQL Injection
|
CVE-2026-6428
|
2026-06-16 06:06 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
538
|
- |
|
-
|
-
|
Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially crafted reque…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-47216
|
2026-06-16 06:05 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
539
|
- |
|
-
|
-
|
Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scope…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-47225
|
2026-06-16 06:05 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
540
|
- |
|
-
|
-
|
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema me…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-47248
|
2026-06-16 06:05 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
