CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

357 matches found

SUSE CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6.1AI score0.00083EPSS

Exploits0References3

SUSE CVE•added 5 days ago•7 views

SUSE CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00148EPSS

Exploits0References3

SUSE CVE•added 5 days ago•7 views

SUSE CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00059EPSS

Exploits0References3

SUSE CVE•added 5 days ago•6 views

SUSE CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.00064EPSS

Exploits0References3

RedhatCVE•added 6 days ago•7 views

CVE-2026-49129

6.9CVSS5.8AI score0.00059EPSS

Exploits0References1

RedhatCVE•added 6 days ago•5 views

CVE-2026-49130

6.9CVSS5.8AI score0.00064EPSS

Exploits0References1

Tenable Nessus•added 6 days ago•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set withou...

6.9CVSS5.8AI score0.00059EPSS

Exploits0References3

Tenable Nessus•added 6 days ago•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows...

6.9CVSS5.8AI score0.00064EPSS

Exploits0References3

Tenable Nessus•added 6 days ago•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows...

8.8CVSS6.1AI score0.00083EPSS

Exploits0References3