28020 matches found

Nuclei
added yesterday, 178 views

WordPress HTML5 Video Player - SQL Injection

WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks. id: CVE-2024-1061 info: name: WordPress HTML5 Video Player - SQL Injection author: xxcdd severity: critical description: | WordPress HTM...

CVSS 9.8 | AI score 7.2 | EPSS 0.11125
Exploits: 1 | References: 5

Nuclei
added yesterday, 22 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

CVSS 9.3 | AI score 6 | EPSS 0.01323
Exploits: 1 | References: 4

Nuclei
added yesterday, 22 views

Radio Player <= 2.0.82 - Server-Side Request Forgery

The Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

CVSS 7.2 | AI score 7.2 | EPSS 0.05112
Exploits: 1 | References: 4

Nuclei
added yesterday, 138 views

WordPress HTML5 Video Player < 2.5.27 - SQL Injection

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks. id: CVE-2024-5522 info: name: WordPress HTML5 Video Player < 2.5.27 - SQL Injection...

CVSS 6.5 | AI score 6 | EPSS 0.02639
Exploits: 6 | References: 2

ATTACKERKB
added 3 days ago, 4 views

CVE-2026-57264

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

CVSS 8.3 | AI score 5.8 | EPSS 0.00215
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 4 days ago, 6 views

CVE-2026-36911

A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file...

CVSS 5.5 | EPSS 0.00111
Exploits: 0 | References: 1

NVD
added 4 days ago, 4 views

CVE-2026-36909

A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file...

CVSS 6.2 | EPSS 0.0012
Exploits: 0 | References: 2

CVE
added 4 days ago, 10 views

CVE-2026-12135

The CVE-2026-12135 entry concerns the FV Flowplayer Video Player plugin for WordPress. Affected versions are all releases up to 7.5.51.7212, where a Stored Cross-Site Scripting vulnerability exists in the video_player shortcode align attribute due to insufficient input sanitization and output esc...

CVSS 6.4 | AI score 5.9 | EPSS 0.00205
Exploits: 0 | References: 6

Cvelist
added 4 days ago, 30 views

CVE-2026-12135 FV Flowplayer Video Player <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'video_player' Shortcode

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'video_player' shortcode 'align' attribute in all versions up to, and including, 7.5.51.7212 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVSS 6.4 | EPSS 0.00205
Exploits: 0 | References: 6

CVE
added 4 days ago, 4 views

CVE-2026-36909

Summary of CVE-2026-36909 (MPC-BE): A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function in Aleksoid1978 MPC-BE prior to commit 4341cb3 allows a crafted MP4 file to trigger a Denial of Service. Affected component: MPC-BE (Aleksoid1978). Root cause: NULL pointer dereference in Get...

CVSS 6.2 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 2

Cvelist
added 4 days ago, 34 views

CVE-2026-36912

A NULL pointer dereference in the AP4_AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file...

EPSS 0.00343
Exploits: 0 | References: 2

Patchstack
added 5 days ago, 5 views

WordPress FV Flowplayer Video Player plugin <= 7.5.51.7212 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin FV Flowplayer Video Player (versions <= 7.5.51.7212)...

CVSS 6.4 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 1 | Affected Software: 1

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in vlc

An integer overflow in the VNC module of the VideoLAN VLC Media Player, as of version 3.0.17.4, allows attackers to exploit this vulnerability by tricking users into opening a specially crafted playlist or connecting to a malicious VNC server. This can result in the crash of the VLC player or the...

CVSS 7.8 | AI score 7.8 | EPSS 0.00649
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in vlc

VLC Media Player 3.0.20 and earlier are vulnerable to denial of service due to an integer overflow. This vulnerability can be exploited by a maliciously crafted MMS stream heap-based overflow. If successful, a malicious third party can cause the VLC player to crash or execute arbitrary code with...

CVSS 8 | AI score 8 | EPSS 0.0057
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in vlc

Videolan VLC prior to version 3.0.20 contains an integer underflow issue that can lead to incorrect packet lengths being displayed...

CVSS 7.5 | AI score 7.1 | EPSS 0.00907
Exploits: 1 | References: 2

NVD
added 2026/06/15 9:17 p.m., 10 views

CVE-2026-49773

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player 7.5.51.7212 versions...

CVSS 6.5 | EPSS 0.00166
Exploits: 0 | References: 1

EUVD
added 2026/06/15 8:19 p.m., 7 views

EUVD-2026-36894

Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player 7.5.51.7212 versions...

CVSS 6.5 | AI score 5.1 | EPSS 0.00166
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/15 12:0 a.m., 14 views

PT-2026-49344

Name of the Vulnerable Software and Affected Versions: FV Flowplayer Video Player versions prior to 7.5.51.7212. Description: Cross Site Scripting (XSS) is possible for users with the Subscriber role. This issue allows an attacker to inject malicious scripts into web pages viewed by other users...

CVSS 6.5 | AI score 5.1 | EPSS 0.00166
Exploits: 0 | References: 3

CVE
added 2026/06/12 1:28 a.m., 18 views

CVE-2026-9125

Summary: CVE-2026-9125 affects the Presto Player plugin for WordPress (up to version 4.2.0). The root cause is insufficient input sanitization and output escaping in the getOverlays() function, which copies the link_url shortcode attribute directly into the overlay configuration without scheme va...

CVSS 6.4 | AI score 5.7 | EPSS 0.00239
Exploits: 0 | References: 10

Vulnrichment
added 2026/06/12 1:28 a.m., 9 views

CVE-2026-9125 The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0. This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

CVSS 6.4 | AI score 5.6 | EPSS 0.00239
Exploits: 0 | References: 10