CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

ATTACKERKB•added 2026/05/28 7:12 p.m.•5 views

CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.0026EPSS

Exploits0References7

Cvelist•added 2026/03/09 10:35 p.m.•36 views

CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure

WWBN AVideo is an open source video platform. Prior to 25.0, the /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or authorization. An unauthenticated attacker can enumerate user IDs and retrieve playlist information including playli...

6.9CVSS0.00365EPSS

Exploits1References2

Vulnrichment•added 2026/03/09 10:35 p.m.•2 views

CVE-2026-30885 WWBN AVideo - Unauthenticated IDOR - Playlist Information Disclosure

6.9CVSS5.8AI score0.00365EPSS

Exploits1References2

OSV•added 2026/03/07 2:25 a.m.•3 views

GHSA-6W2R-CFPC-23R5 AVideo has Unauthenticated IDOR - Playlist Information Disclosure

Product: AVideo https://github.com/WWBN/AVideo Version: Latest tested March 2026 Type: Insecure Direct Object Reference IDOR Auth Required: No User Interaction: None Summary The /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or...

6.9CVSS5.8AI score0.00365EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by