π¨ CVE-2026-47367
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.
π@cveNotify
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.
π@cveNotify
π¨ CVE-2026-47368
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
π@cveNotify
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
π@cveNotify
π¨ CVE-2026-47369
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
π@cveNotify
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
π@cveNotify
π¨ CVE-2026-47370
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
π@cveNotify
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
π@cveNotify
π¨ CVE-2026-48610
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
π@cveNotify
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
π@cveNotify
π¨ CVE-2026-44802
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44804
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44807
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44808
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44811
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44813
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-44814
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
π@cveNotify
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
π@cveNotify
π¨ CVE-2026-48565
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
π@cveNotify
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2026-48569
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
π@cveNotify
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
π@cveNotify
π¨ CVE-2025-52292
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
π@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Attached: 1 image
Security Advisory: CVE-2025-52292 - Stack-based Buffer Overflow in GPAC/MP4Box
Processing a crafted MP4 file with `MP4Box` can trigger a stack-based buffer overflow in `filein_process()` in `filters/in_file.c`, causing a crash and potentialβ¦
Security Advisory: CVE-2025-52292 - Stack-based Buffer Overflow in GPAC/MP4Box
Processing a crafted MP4 file with `MP4Box` can trigger a stack-based buffer overflow in `filein_process()` in `filters/in_file.c`, causing a crash and potentialβ¦
π¨ CVE-2025-52293
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
π@cveNotify
A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.
π@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Attached: 1 image
Security Advisory: CVE-2025-52293 - Memory Safety Violation in GPAC MP4Box HEVC SPS Parser
Processing a crafted MP4 file containing malformed HEVC SPS data with `MP4Box` can trigger a segmentation fault in `gf_hevc_read_sps_bs_internal()`β¦
Security Advisory: CVE-2025-52293 - Memory Safety Violation in GPAC MP4Box HEVC SPS Parser
Processing a crafted MP4 file containing malformed HEVC SPS data with `MP4Box` can trigger a segmentation fault in `gf_hevc_read_sps_bs_internal()`β¦
π¨ CVE-2026-44801
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-47653
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-47654
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2026-12007
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...
π¨ CVE-2026-12008
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.114/.115 for Windows and Mac and 149.0.7827.114 for Linux, which will roll out over the c...