CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

358 matches found

RedhatCVE•added 2026/06/05 7:19 p.m.•7 views

CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.6AI score0.00501EPSS

Exploits0References1

SUSE CVE•added 2026/05/30 1:59 a.m.•9 views

SUSE CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6.1AI score0.0051EPSS

Exploits0References3

SUSE CVE•added 2026/05/30 1:59 a.m.•11 views

SUSE CVE-2026-49128

8.7CVSS5.9AI score0.00501EPSS

Exploits0References3

SUSE CVE•added 2026/05/30 1:59 a.m.•10 views

SUSE CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00281EPSS

Exploits0References3

SUSE CVE•added 2026/05/30 1:59 a.m.•8 views

SUSE CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.0026EPSS

Exploits0References3

RedhatCVE•added 2026/05/29 8:13 p.m.•10 views

CVE-2026-49129

6.9CVSS5.8AI score0.00281EPSS

Exploits0References1

RedhatCVE•added 2026/05/29 8:13 p.m.•7 views

CVE-2026-49130

6.9CVSS5.8AI score0.0026EPSS

Exploits0References1

Tenable Nessus•added 2026/05/29 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-49130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows...

6.9CVSS5.5AI score0.0026EPSS

Exploits0References3

Tenable Nessus•added 2026/05/29 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-49127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows...

8.8CVSS6AI score0.0051EPSS

Exploits0References3

Tenable Nessus•added 2026/05/29 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-49129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set withou...

6.9CVSS5.6AI score0.00281EPSS

Exploits0References3