CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27034 matches found

Radio Player <= 2.0.82 - Server-Side Request Forgery

The Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.82. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

7.2CVSS7.4AI score0.8095EPSS

Exploits1References4

Nuclei•added 3 days ago•8 views

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

5.9AI score

Exploits0References4

Nuclei•added 4 days ago•122 views

WordPress HTML5 Video Player < 2.5.27 - SQL Injection

The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks id: CVE-2024-5522 info: name: WordPress HTML5 Video Player 2.5.27 - SQL Injection...

6.5CVSS5.9AI score0.83843EPSS

Exploits6References2

SUSE CVE•added 6 days ago•7 views

SUSE CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6.1AI score0.00083EPSS

Exploits0References3

SUSE CVE•added 6 days ago•8 views

SUSE CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00148EPSS

Exploits0References3

SUSE CVE•added 6 days ago•8 views

SUSE CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00059EPSS

Exploits0References3

SUSE CVE•added 6 days ago•7 views

SUSE CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.00064EPSS

Exploits0References3

RedhatCVE•added last week•8 views

CVE-2026-49129

6.9CVSS5.8AI score0.00059EPSS

Exploits0References1

RedhatCVE•added last week•6 views

CVE-2026-49130

6.9CVSS5.8AI score0.00064EPSS

Exploits0References1

Nuclei•added 2026/05/29 3:59 a.m.•172 views

WordPress HTML5 Video Player - SQL Injection

WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks. id: CVE-2024-1061 info: name: WordPress HTML5 Video Player - SQL Injection author: xxcdd severity: critical description: | WordPress HTM...

9.8CVSS7.4AI score0.8337EPSS

Exploits1References5

Tenable Nessus•added 2026/05/29 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set withou...

6.9CVSS5.8AI score0.00059EPSS

Exploits0References3

Tenable Nessus•added 2026/05/29 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-49127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows...

8.8CVSS6.1AI score0.00083EPSS

Exploits0References3

Tenable Nessus•added 2026/05/29 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-49130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows...

6.9CVSS5.8AI score0.00064EPSS

Exploits0References3