|
41
|
7.5 |
HIGH
Network
|
gpac
|
gpac
|
A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-55657
|
2026-06-14 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
42
|
5.5 |
MEDIUM
Local
|
gpac
|
gpac
|
A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-55651
|
2026-06-14 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
43
|
7.5 |
HIGH
Network
|
gpac
|
gpac
|
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS …
Update
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-52293
|
2026-06-14 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
44
|
7.5 |
HIGH
Network
|
gpac
|
gpac
|
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2025-52292
|
2026-06-14 09:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
45
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of …
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-12175
|
2026-06-14 08:16 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
46
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation o…
New
|
CWE-119
CWE-134
Incorrect Access of Indexable Resource ('Range Error')
Use of Externally-Controlled Format String
|
CVE-2026-12174
|
2026-06-14 06:16 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
47
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax…
New
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-12183
|
2026-06-14 03:16 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
48
|
7.6 |
HIGH
Network
|
-
|
-
|
SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x b…
New
|
CWE-89
SQL Injection
|
CVE-2026-6428
|
2026-06-14 02:16 |
2026-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
49
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletio…
New
|
CWE-645
Overly Restrictive Account Lockout Mechanism
|
CVE-2026-53982
|
2026-06-13 22:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
50
|
7.2 |
HIGH
Network
|
-
|
-
|
The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and inclu…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-5513
|
2026-06-13 21:16 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
