CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

201 matches found

OSV•added 2026/05/27 4:46 p.m.•2 views

SUSE-SU-2026:21854-1 Security update for localsearch

This update for localsearch fixes the following issues: - CVE-2026-1764: Fixed a heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files. bsc1257606 - CVE-2026-1765: Fixed a Denial of Service and potential information disclosure via crafted MP3 files...

5.9AI score

Exploits1References9

Tenable Nessus•added 2026/05/26 12:0 a.m.•8 views

openSUSE 16 Security Update : libsndfile (openSUSE-SU-2026:20787-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20787-1 advisory. This update for libsndfile fixes the following issues - CVE-2025-52194: buffer overflow in the ircamreadheader function of file src/ircam.c when...

7.5CVSS6AI score0.00321EPSS

Exploits3References9

OSV•added 2026/05/18 8:14 a.m.•2 views

SUSE-SU-2026:1968-1 Security update for libsndfile

This update for libsndfile fixes the following issues - CVE-2025-52194: buffer overflow in the ircamreadheader function of file src/ircam.c when processing malformed IRCAM audio files bsc1248458. - CVE-2026-37555: IMA-ADPCM integer overflow bsc1263695...

7.5CVSS6AI score0.00321EPSS

Exploits2References5

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в audacity

Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there...

3.3CVSS6.9AI score0.00118EPSS

Exploits0References2

Snyk•added 2026/04/29 9:34 p.m.•4 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the webchat audio embedding process. An attacker can access and exfiltrate arbitrary local audio-like files readable by the gateway process by influencing the...

6.3CVSS6.3AI score0.00052EPSS

Exploits0References2

CNNVD•added 2026/03/21 12:0 a.m.•4 views

Ventis MediaMonkey 安全漏洞

Ventis MediaMonkey is a multi-functional music player software developed by the Czech company Ventis. Version 4.1.23 of Ventis MediaMonkey contains a security vulnerability. This vulnerability stems from a buffer overflow issue when opening specially crafted MP3 files, which could allow local...

6.9CVSS6.1AI score0.00021EPSS

Exploits1References4

RedhatCVE•added 2026/03/20 1:21 p.m.•3 views

CVE-2026-32889

A flaw was found in tinytag, a Python library for reading audio file metadata. An attacker who can supply specially crafted MP3 files for parsing can trigger a non-terminating loop within the library. This can cause the parsing operation to stop making progress, leading to a Denial of Service DoS...

6.5CVSS5.7AI score0.00023EPSS

Exploits1References7

Snyk•added 2026/03/17 8:51 p.m.•4 views

Improper Null Termination

Overview Affected versions of this package are vulnerable to Improper Null Termination via the madrwavstrlen function. An attacker can cause memory access violations and application crashes by submitting specially crafted WAV files that exploit improper null-termination handling in the coding...

5.5CVSS5.9AI score0.00006EPSS

Exploits1References2

OSV•added 2026/03/03 1:25 p.m.•2 views

SUSE-SU-2026:0780-1 Security update for tracker-miners

This update for tracker-miners fixes the following issues: - CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files bsc1257606. - CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files bsc1257607. -...

6.1AI score

Exploits1References9

Ubuntu•added 2026/02/05 2:47 p.m.•1 views

USN-8019-1: tracker-miners vulnerabilities

Fatih Çelik discovered that tracker-miners incorrectly handled certain malformed MP3 files. An attacker could use this issue to cause tracker-miners to crash, resulting in a denial of service, or possibly execute arbitrary code...

5.7AI score

Exploits1

Positive Technologies•added 2026/01/01 12:0 a.m.•4 views

PT-2026-6841

Name of the Vulnerable Software and Affected Versions tracker-miners affected versions not specified Description A flaw exists in tracker-miners related to the handling of malformed MP3 files. Specifically, the software incorrectly processes certain MP3 files, potentially leading to a denial of...

6AI score

Exploits1References20

Malwarebytes•added 2025/12/23 12:28 p.m.•4 views

Hacktivists claim near-total Spotify music scrape

Hacktivist group Anna’s Archive claims to have scraped almost all of Spotify’s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform into a roughly 300 TB pirate “preservation archive.” On its blog, the group states: “A while ago, we discovered a way to scrape...

7.2AI score

Exploits0

HackRead•added 2025/12/23 10:59 a.m.•4 views

Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape

Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how "Anna’s Archive" bypassed security, and why experts warn against downloading the leaked files...

7AI score

Exploits0

RedhatCVE•added 2025/12/02 1:57 p.m.•2 views

CVE-2025-65405

A flaw was found in Live555. A use-after-free issue in ADTSAudioFileSource::samplingFrequency allows attackers to cause a denial of service via a specially crafted ADTS/AAC file...

6.5CVSS6.4AI score0.00089EPSS

Exploits1References2