CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ff09406779243d2fc9bc760936ed5d719341a950dcd013607c74fb31c9b437f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score

Exploits0References6

OSV•added 2025/09/15 11:47 p.m.•3 views

MAL-2025-47142 Malicious code in @ctrl/torrent-file (npm)

6.9AI score

Exploits0References6

Snyk•added 2025/09/15 7:39 a.m.•2 views

Embedded Malicious Code

Overview @ctrl/torrent-file is a package to parse a torrent file and read encoded data. Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including...

9.8CVSS6.9AI score

Exploits0References2

SUSE CVE•added 2023/02/15 6:12 a.m.•7 views

SUSE CVE-2007-2274

The BitTorrent implementation in Opera 9.2 allows remote attackers to cause a denial of service CPU consumption and application crash via a malformed torrent file. NOTE: the original disclosure refers to this as a memory leak, but it is not certain...

7.8CVSS6.7AI score0.08202EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 6:12 a.m.•5 views

SUSE CVE-2007-2809

Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274...

9.3CVSS8.1AI score0.06314EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 6:1 a.m.•4 views

SUSE CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. dot dot in a pathname within a .torrent file...

8.8CVSS7.1AI score0.04194EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 3:49 a.m.•3 views

SUSE CVE-2021-3427

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's...

6.1CVSS6.2AI score0.00736EPSS

Exploits1References3

Gentoo Linux•added 2022/10/16 12:0 a.m.•28 views

Deluge: Cross-Site Scripting

Background Deluge is a BitTorrent client. Description Deluge does not sufficiently sanitize crafted torrent file data, leading to the application interpreting untrusted data as HTML. Impact An attacker can achieve XSS via a crafted torrent file. Workaround There is no known workaround at this tim...

6.1CVSS1.4AI score0.00736EPSS

Exploits1

Tenable Nessus•added 2022/10/16 12:0 a.m.•17 views

GLSA-202210-07 : Deluge: Cross-Site Scripting

The remote host is affected by the vulnerability described in GLSA-202210-07 Deluge: Cross-Site Scripting - The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies t...

6.1CVSS6.6AI score0.00736EPSS

Exploits1References3

OSV•added 2022/08/27 12:0 a.m.•16 views

GHSA-5C8P-QHCH-QHX6 Deluge Web-UI vulnerable to XSS through a crafted torrent file

The Deluge Web-UI is vulnerable to cross-site scripting through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context ...

6.1CVSS5.9AI score0.00736EPSS

Exploits1References7