CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Discuz! X5.0 versions from 20260320 to 20260610 contain a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images.
Version v0.54.0 of Datadog, Inc Vector has an issue in the /util/http/prelude.rs endpoint that allows attackers to cause a Denial of Service (DoS) via a crafted request or payload.
Ruoyi version 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
An issue in Boyleep K11 with y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
PublicCMS V5.202506.d has a Cross Site Scripting (XSS) vulnerability in the site configuration management module.
Kiro IDE on macOS and Linux before version 0.11.133 has incorrect default permissions that could expose the authentication token cache file to other local users or processes. The file permissions are set to 0644 instead of 0600.
A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd version 10.3.0 while parsing configuration options. This error occurs in the parse_option() function when an unexpected or invalid option token causes the lookup to yield NULL.
A segmentation violation in the Track_SetStreamDescriptor function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
A stack overflow in the gf_opus_read_length function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap buffer overflow in the gf_isom_vp_config_new function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap use-after-free vulnerability in the gf_node_get_tag function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A NULL pointer dereference in the gf_media_map_esd function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap buffer overflow in the gf_opus_parse_packet_header function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
The mp4_mux_cenc_insert_pssh function in GPAC MP4Box v2.4 has an Out-of-Memory error that allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap buffer overflow in the gf_cenc_set_pssh function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A heap use-after-free vulnerability in the gf_node_get_tag function of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
A NULL pointer dereference in the TrackWriter handling component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
In version 2.4 of GPAC MP4Box, a floating point exception was discovered in the avidmx_process function (isomedia/isom_write.c).
A NULL pointer dereference in the gf_isom_copy_sample_info function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.

