7.1 AI Score
GStreamer, GStreamer Plugins: Multiple Vulnerabilities
Background: GStreamer is an open source multimedia framework. Description: Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There.....
8.8 CVSS
7.6 AI Score
0.0005 EPSS
APSB24-34 : Security update available for Adobe Media Encoder
Adobe has released an update for Adobe Media Encoder. This update resolves an important vulnerability that could lead to memory...
5.5 CVSS
7 AI Score
0.001 EPSS
7.1 AI Score
Ant Media Server is live streaming engine software. A local privilege escalation vulnerability present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...
7.8 CVSS
8.7 AI Score
0.0004 EPSS
JHead: Multiple Vulnerabilities
Background: JHead is an EXIF JPEG header manipulation tool. Description: Multiple vulnerabilities have been discovered in JHead. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known workaround at....
9.8 CVSS
7.7 AI Score
0.002 EPSS
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site...
6.1 CVSS
6 AI Score
0.001 EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8...
6.1 CVSS
6.1 AI Score
0.0005 EPSS
The Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...
4.8 CVSS
6 AI Score
0.0004 EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite.....
4.8 CVSS
5.8 AI Score
0.0005 EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1 CVSS
6.2 AI Score
0.001 EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1 CVSS
6.2 AI Score
0.001 EPSS
The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4 CVSS
6 AI Score
0.001 EPSS
Ant Media Server does not properly authorize non-administrative API calls
Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 (tested) and possibly newer ones are believed to be...
6.5 AI Score
0.0004 EPSS
A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It has been declared as problematic. This vulnerability affects the function webvtt of the file application/controllers/timedtext.php. The manipulation of the argument ttml_url leads to cross site scripting. The attack can be...
5.4 CVSS
6.2 AI Score
0.001 EPSS
The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....
4.3 CVSS
6.6 AI Score
0.001 EPSS
matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could be....
5.4 CVSS
7.3 AI Score
0.001 EPSS
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to...
8.8 CVSS
7.2 AI Score
0.001 EPSS
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5 Social media skeleton did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords......
7.5 CVSS
7.1 AI Score
0.001 EPSS
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session....
9.8 CVSS
7.1 AI Score
0.001 EPSS
Ant Media Server Community Edition is vulnerable to Improper Authorization. The vulnerability is due to improper HTTP header based authorization which allows unauthorized users to potentially access non-administrative API calls reserved for authorized...
7 AI Score
0.0004 EPSS
LaunchAnywhere in SysUI via media notification
In bindPlayer of MediaControlPanel.java, there is a possible launch of an arbitrary activity in SysUI due to an unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.4 AI Score
0.0004 EPSS
Media resumption control could show up in another user and leak the owner's media data
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User...
5.5 CVSS
6.4 AI Score
0.0004 EPSS
social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in...
5.4 CVSS
6.3 AI Score
0.001 EPSS
Ant Media Server does not properly authorize non-administrative API calls
Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users. All versions up to 2.9.0 (tested) and possibly newer ones are believed to be...
6.8 AI Score
0.0004 EPSS
Enumerate photos across users by SystemUI media resumption
In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
5.5 CVSS
6.2 AI Score
0.0004 EPSS
Malicious code in @ozon-fe/media-player (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (f83f6ec5a227a2759eaf3a0f63b52ed88c790c3af44ea8bf3a9fa132d746220e) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7 AI Score
Import Legacy Media <= 0.1 - Cross-Site Scripting
A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to...
6.1 CVSS
6 AI Score
0.001 EPSS
Veeam Recovery Media for Linux OS, Workarounds
Veeam Support Knowledge Base answer to: Veeam Recovery Media for Linux OS,...
3.5 AI Score
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...
5.5 CVSS
4 AI Score
0.001 EPSS
WordPress Sell Media 2.4.1 - Cross-Site Scripting
WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter (aka $search_term or the Search...
6.1 CVSS
5.9 AI Score
0.001 EPSS
[Media Provider] Security Report - [EoP: Bypass Storage Restriction in Android 11]
In multiple locations of MediaProvider.java, there is a possible way to get read/write access to other applications’ dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed......
6.6 AI Score
0.0004 EPSS
WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect
WordPress WebP Converter for Media < 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect...
6.1 CVSS
6.1 AI Score
0.001 EPSS
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Placing large files with the corresponding file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
7 AI Score
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (*.youtube and *.vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...
6.7 AI Score
libjpeg-turbo: Multiple Vulnerabilities
Background: libjpeg-turbo is a MMX, SSE, and SSE2 SIMD accelerated JPEG library. Description: Multiple vulnerabilities have been discovered in libjpeg-turbo. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround...
8.8 CVSS
7.6 AI Score
0.01 EPSS
WordPress GraceMedia Media Player 1.0 - Local File Inclusion
WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg...
9.8 CVSS
9.1 AI Score
0.029 EPSS
MediaInfo, MediaInfoLib: Multiple Vulnerabilities
Background: MediaInfo supplies technical and tag information about media files. MediaInfoLib contains MediaInfo libraries. Description: Multiple vulnerabilities have been discovered in MediaInfo and MediaInfoLib. Please review the CVE identifiers referenced below for details. Impact: Please review...
7.4 AI Score
Blog2Social: Social Media Auto Post & Scheduler < 7.4.2 - Authenticated (Subscriber+) SQL Injection
Description: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the.....
9.9 CVSS
7.2 AI Score
0.001 EPSS
Platform level change for "I see an empty media notification in the shade"
In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
7.8 CVSS
7.4 AI Score
0.0004 EPSS
Disable show media on lock screen, but still accessible via pull down notification
In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges needed. User interaction is not needed for...
6.1 AI Score
EPSS
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Placing large files with the corresponding file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
7 AI Score
plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based...
8 AI Score
0.01 EPSS
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (.youtube and .vimeo files) in the TYPO3 backend is vulnerable to denial of service. Placing large files with the corresponding file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
7 AI Score
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (.youtube and .vimeo files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this...
6.7 AI Score
ImageMagick: Multiple Vulnerabilities
Background: ImageMagick is a software suite to create, edit, and compose bitmap images, that can also read, write, and convert images in many other formats. Description: Multiple vulnerabilities have been discovered in ImageMagick. Please review the CVE identifiers referenced below for details....
7.8 CVSS
7.1 AI Score
0.014 EPSS
MPlayer: Multiple Vulnerabilities
Background: MPlayer is a media player capable of handling multiple multimedia file formats. Description: Multiple vulnerabilities have been discovered in MPlayer. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details....
7.8 CVSS
7.3 AI Score
0.001 EPSS