CVE-2026-14801
A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin_probe_dura
CVSS
3.3
Low
EPSS
0.1%
p2
KEV
—
Exploit Today
0
0-100
Published: Jul 6, 2026 · Last modified: Jul 6, 2026 · CWE-369 · CWE-404
0.1%EPSS · 30 days0.1%
2026-07-062026-07-16
A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtin_probe_duration of the file src/filters/load_text.c of the component TeXML File Handler. Such manipulation of the argument txml_timescale leads to divide by zero. An attack has to be approached locally. The name of the patch is 86a5191f2e750c767253e27ed6cfd6d547afebc2. A patch should be applied to remediate this issue.
- github.comhttps://github.com/gpac/gpac/
- github.comhttps://github.com/gpac/gpac/commit/86a5191f2e750c767253e27ed6cfd6d547afebc2
- github.comhttps://github.com/gpac/gpac/issues/3610
- vuldb.comhttps://vuldb.com/cve/CVE-2026-14801
- vuldb.comhttps://vuldb.com/submit/850854
- vuldb.comhttps://vuldb.com/vuln/376395
- vuldb.comhttps://vuldb.com/vuln/376395/cti
- github.comhttps://github.com/gpac/gpac/issues/3610
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2020-288747.5 HIG81.8%
——25reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).8dCVE-2025-97847.5 HIG80.2%
——24A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).17dCVE-2021-414417.4 HIG72.8%
——22A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot.8dCVE-2022-351916.5 MED55.6%
——17D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.8dCVE-2024-338447.5 HIG41.2%
——12The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.8dCVE-2026-146234.3 MED40.8%
——12A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called 34bc6724acc97dba1f8691e586da95b042cb612d. A patch should be applied to remediate this issue.10d