CVE-2026-41458

OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access to the global DAAP session list. Attackers can flood the DAAP /login endpoint with concurrent...

PT-2026-3655

A NULL pointer dereference in the parse meta function src/httpd daap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699 Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: Firefly Media Server mt-daapd http://www.fireflymediaserver.org Versions: = 2.4.1 and SVN = 1699 Platforms: nix, Windows, Mac and others...

Multiple vulnerabilities in Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699

Luigi Auriemma Application: Firefly Media Server mt-daapd http://www.fireflymediaserver.org Versions: = 2.4.1 and SVN = 1699 Platforms: nix, Windows, Mac and others Bugs: A partial directory traversal on Windows B authentication bypass on Windows C duplicated HTTP parameter Denial of Service D CP...

Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699 Multiple Vulnerabilities

Exploit for unknown platform in category remote exploits ========================================================================= Firefly Media Server mt-daapd 2.4.1 / SVN 1699 Multiple Vulnerabilities ========================================================================= Luigi Auriemma...