Security Vulnerabilities
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check the return value of avfilter_graph_dump() for NULL, leading to a crash if the underlying memory allocation fails.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-09-02
An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check for a NULL return value from the av_get_sample_fmt_name() C function, which can be triggered by providing an unrecognized sample format.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-02
Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-09-02
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_cmd function via the command parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
6.5
EPSS Score
0.124
Published
2025-09-02
Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
6.5
EPSS Score
0.124
Published
2025-09-02
Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function of the "adm.cgi" binary, and is due to improper santization of the user provided "newpass" field
CVSS Score
6.5
EPSS Score
0.129
Published
2025-09-02
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
CVSS Score
7.5
EPSS Score
0.002
Published
2025-09-02
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-09-02
PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-02
rsbi-pom 4.7 is vulnerable to SQL Injection in the /bi/service/model/DatasetService path.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-09-02