CVEs from 2026
Total
14,034
critical
critical 1,231
high
high 4,634
medium
medium 4,443
low
low 484
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4186 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This man… | |||
| CVE-2026-4166 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in c… | |||
| CVE-2026-3984 | low | 3.5 | 3.5 | 3mo ago | A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation o… | |||
| CVE-2026-3983 | low | 3.5 | 3.5 | 3mo ago | A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argume… | |||
| CVE-2026-3946 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site… | |||
| CVE-2026-2825 | low | 3.5 | 3.5 | 3mo ago | A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross si… | |||
| CVE-2026-2709 | low | 3.5 | 3.5 | 3mo ago | A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulatio… | |||
| CVE-2026-1406 | low | 3.5 | 3.5 | 4mo ago | A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of… | |||
| CVE-2026-1161 | low | 3.5 | 3.5 | 5mo ago | A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. Th… | |||
| CVE-2026-1136 | low | 3.5 | 3.5 | 5mo ago | A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This… | |||
| CVE-2026-0824 | low | 3.5 | 3.5 | 5mo ago | QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting | |||
| CVE-2026-34685 | low | 3.4 | 3.4 | 21d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Sec… | |||
| CVE-2026-40131 | low | 3.4 | 3.4 | 22d ago | SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi… | |||
| CVE-2026-42195 | low | 3.4 | 3.4 | 25d ago | draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut… | |||
| CVE-2026-44405 | low | 3.4 | 3.4 | 28d ago | Paramiko rsakey.py allows the SHA-1 algorithm | |||
| CVE-2026-10528 | low | 3.3 | 3.3 | 1d ago | A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the c… | |||
| CVE-2026-10298 | low | 3.3 | 3.3 | 1d ago | A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null point… | |||
| CVE-2026-10295 | low | 3.3 | 3.3 | 1d ago | A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a mani… | |||
| CVE-2026-28586 | low | 3.3 | 3.3 | 1d ago | In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution pri… | |||
| CVE-2026-0056 | low | 3.3 | 3.3 | 1d ago | In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed.… | |||
| CVE-2026-0050 | low | 3.3 | 3.3 | 1d ago | In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional … | |||
| CVE-2026-0016 | low | 3.3 | 3.3 | 1d ago | In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disc… | |||
| CVE-2026-45278 | low | 3.3 | 3.3 | 2d ago | Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses … | |||
| CVE-2026-45277 | low | 3.3 | 3.3 | 2d ago | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can req… | |||
| CVE-2026-10268 | low | 3.3 | 3.3 | 2d ago | A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer… | |||
| CVE-2026-10267 | low | 3.3 | 3.3 | 2d ago | A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attackin… | |||
| CVE-2026-10233 | low | 3.3 | 3.3 | 2d ago | A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MD… | |||
| CVE-2026-10201 | low | 3.3 | 3.3 | 2d ago | A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a ma… | |||
| CVE-2026-10199 | low | 3.3 | 3.3 | 2d ago | A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null po… | |||
| CVE-2026-10198 | low | 3.3 | 3.3 | 2d ago | A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipul… | |||
| CVE-2026-10197 | low | 3.3 | 3.3 | 2d ago | A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handle… | |||
| CVE-2026-49383 | low | 3.3 | 3.3 | 5d ago | In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible | |||
| CVE-2026-45324 | low | 3.3 | 3.3 | 5d ago | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vul… | |||
| CVE-2026-45613 | low | 3.3 | 3.3 | 5d ago | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76c… | |||
| CVE-2026-47337 | low | 3.3 | 3.3 | 6d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local u… | |||
| CVE-2026-47336 | low | 3.3 | 3.3 | 6d ago | Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and… | |||
| CVE-2026-47330 | low | 3.3 | 3.3 | 6d ago | Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unpri… | |||
| CVE-2026-47329 | low | 3.3 | 3.3 | 6d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user a… | |||
| CVE-2026-47327 | low | 3.3 | 3.3 | 6d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This c… | |||
| CVE-2026-48156 | low | 3.3 | 3.3 | 6d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams w… | |||
| CVE-2026-9572 | low | 3.3 | 3.3 | 8d ago | A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t… | |||
| CVE-2026-9567 | low | 3.3 | 3.3 | 8d ago | A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointe… | |||
| CVE-2026-9530 | low | 3.3 | 3.3 | 8d ago | A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani… | |||
| CVE-2026-9529 | low | 3.3 | 3.3 | 8d ago | A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulati… | |||
| CVE-2026-9504 | low | 3.3 | 3.3 | 8d ago | A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou… | |||
| CVE-2026-9503 | low | 3.3 | 3.3 | 8d ago | A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null … | |||
| CVE-2026-9501 | low | 3.3 | 3.3 | 8d ago | A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipul… | |||
| CVE-2026-39824 | low | 3.3 | 3.3 | 12d ago | NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated strin… | |||
| CVE-2026-47782 | low | 3.3 | 3.3 | 13d ago | Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web p… | |||
| CVE-2026-33565 | low | 3.3 | 3.3 | 15d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-28751 | low | 3.3 | 3.3 | 15d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-27781 | low | 3.3 | 3.3 | 15d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-25110 | low | 3.3 | 3.3 | 15d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-0965 | low | 3.3 | 3.3 | 15d ago | Moderate: libssh security update | |||
| CVE-2026-47091 | low | 3.3 | 3.3 | 15d ago | Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin… | |||
| CVE-2026-8770 | low | 3.3 | 3.3 | 16d ago | A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat… | |||
| CVE-2026-20793 | low | 3.3 | 3.3 | 22d ago | Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an a… | |||
| CVE-2026-41530 | low | 3.3 | 3.3 | 22d ago | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe… | |||
| CVE-2026-28910 | low | 3.3 | 3.3 | 22d ago | macOS Tahoe 26.4 | |||
| CVE-2026-28957 | low | 3.3 | 3.3 | 23d ago | visionOS 26.5 | |||
| CVE-2026-32803 | low | 3.3 | 3.3 | 26d ago | Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileg… | |||
| CVE-2026-41498 | low | 3.3 | 3.3 | 26d ago | Kimai has Missing Object-Level Authorization in the Team API | |||
| CVE-2026-7740 | low | 3.3 | 3.3 | 1mo ago | A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id… | |||
| CVE-2026-7739 | low | 3.3 | 3.3 | 1mo ago | A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation … | |||
| CVE-2026-33448 | low | 3.3 | 3.3 | 1mo ago | CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump t… | |||
| CVE-2026-41357 | low | 3.3 | 3.3 | 1mo ago | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve… | |||
| CVE-2026-35379 | low | 3.3 | 3.3 | 1mo ago | A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space char… | |||
| CVE-2026-35378 | low | 3.3 | 3.3 | 1mo ago | A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw… | |||
| CVE-2026-35375 | low | 3.3 | 3.3 | 1mo ago | A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy() wh… | |||
| CVE-2026-35371 | low | 3.3 | 3.3 | 1mo ago | uutils coreutils's User Interface (UI) Misrepresents Critical Information | |||
| CVE-2026-35344 | low | 3.3 | 3.3 | 1mo ago | uutils coreutils has an Unchecked Return Value Issue | |||
| CVE-2026-35343 | low | 3.3 | 3.3 | 1mo ago | The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited fl… | |||
| CVE-2026-35342 | low | 3.3 | 3.3 | 1mo ago | The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementa… | |||
| CVE-2026-40505 | low | 3.3 | 3.3 | 2mo ago | MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious… | |||
| CVE-2026-6192 | low | 3.3 | 3.3 | 2mo ago | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. T… | |||
| CVE-2026-40228 | low | 3.3 | 3.3 | 2mo ago | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set. | |||
| CVE-2026-5037 | low | 3.3 | 3.3 | 2mo ago | A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr c… | |||
| CVE-2026-4833 | low | 3.3 | 3.3 | 2mo ago | A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled r… | |||
| CVE-2026-20684 | low | 3.3 | 3.3 | 2mo ago | macOS Tahoe 26.4 | |||
| CVE-2026-4539 | low | 3.3 | 3.3 | 2mo ago | A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular e… | |||
| CVE-2026-4159 | low | 3.3 | 3.3 | 3mo ago | 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_Decode… | |||
| CVE-2026-4174 | low | 3.3 | 3.3 | 3mo ago | A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation lea… | |||
| CVE-2026-4010 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument leng… | |||
| CVE-2026-4009 | low | 3.3 | 3.3 | 3mo ago | A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File P… | |||
| CVE-2026-3950 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to o… | |||
| CVE-2026-3949 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing… | |||
| CVE-2026-21791 | low | 3.3 | 3.3 | 3mo ago | HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL | |||
| CVE-2026-3449 | low | 3.3 | 3.3 | 3mo ago | @tootallnate/once vulnerable to Incorrect Control Flow Scoping | |||
| CVE-2026-3407 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes h… | |||
| CVE-2026-2903 | low | 3.3 | 3.3 | 3mo ago | A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack ca… | |||
| CVE-2026-2889 | low | 3.3 | 3.3 | 3mo ago | A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only… | |||
| CVE-2026-2642 | low | 3.3 | 3.3 | 4mo ago | A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null point… | |||
| CVE-2026-2641 | low | 3.3 | 3.3 | 4mo ago | A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Exe… | |||
| CVE-2026-2246 | low | 3.3 | 3.3 | 4mo ago | A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltag_detector_detect of the file apriltag.c. The manipulation lead… | |||
| CVE-2026-2245 | low | 3.3 | 3.3 | 4mo ago | A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation l… | |||
| CVE-2026-2069 | low | 3.3 | 3.3 | 4mo ago | A flaw has been found in ggml-org llama.cpp up to 55abc39. Impacted is the function llama_grammar_advance_stack of the file llama.cpp/src/llama-grammar.cpp of the component GBNF Grammar Handler. This… | |||
| CVE-2026-1990 | low | 3.3 | 3.3 | 4mo ago | A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation l… | |||
| CVE-2026-1417 | low | 3.3 | 3.3 | 4mo ago | A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference.… | |||
| CVE-2026-1416 | low | 3.3 | 3.3 | 4mo ago | A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null poin… | |||
| CVE-2026-1415 | low | 3.3 | 3.3 | 4mo ago | A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to… |