CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

67 matches found

CVE-2026-50232

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

7.2CVSS5.3AI score0.00029EPSS

Exploits2References1

NVD•added 3 days ago•6 views

CVE-2026-50232

7.2CVSS0.00029EPSS

Exploits2References2

ATTACKERKB•added 3 days ago•4 views

CVE-2026-50232

7.2CVSS5.3AI score0.00029EPSS

Exploits2References3Affected Software1

Vulnrichment•added 3 days ago•3 views

CVE-2026-50232 Lyrion Music Server 9.2.0 Stored XSS via Metadata Tags

7.2CVSS5.3AI score0.00029EPSS

Exploits2References2

CVE•added 3 days ago•15 views

CVE-2026-50232

Lyrion Music Server 9.2.0 is affected by a stored XSS vulnerability via media metadata tags (GENRE, ARTIST, ALBUM). The issue allows an attacker to craft files containing XSS payloads in metadata that execute in the web interface when users view track information or play files, potentially enabli...

7.2CVSS5.3AI score0.00029EPSS

Exploits2References2

Cvelist•added 3 days ago•31 views

CVE-2026-50232 Lyrion Music Server 9.2.0 Stored XSS via Metadata Tags

7.2CVSS0.00029EPSS

Exploits2References2

EUVD•added 3 days ago•7 views

EUVD-2026-34831

7.2CVSS5.3AI score0.00029EPSS

Exploits2References2

Positive Technologies•added 3 days ago•10 views

PT-2026-46951

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description A stored cross-site scripting issue exists where attackers can inject malicious scripts through media file metadata tags, specifically GENRE, ARTIST, and ALBUM. These payloads execute within the we...

7.2CVSS5.2AI score0.00029EPSS

Exploits2References6

NVD•added 2026/06/01 3:16 p.m.•12 views

CVE-2026-48559

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS0.00031EPSS

Exploits1References4

ATTACKERKB•added 2026/06/01 1:15 p.m.•8 views

CVE-2026-48559

5.4CVSS5.9AI score0.00031EPSS

Exploits1References5

EUVD•added 2026/06/01 1:15 p.m.•10 views

EUVD-2026-33640

5.4CVSS5.9AI score0.00031EPSS

Exploits1References4

Cvelist•added 2026/06/01 1:15 p.m.•24 views

CVE-2026-48559 Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags

5.4CVSS0.00031EPSS

Exploits1References4

Positive Technologies•added 2026/06/01 12:0 a.m.•11 views

PT-2026-45437

5.4CVSS5.9AI score0.00031EPSS

Exploits1References5

NVD•added 2026/05/30 4:17 p.m.•16 views

CVE-2018-25419

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Attackers can send GET requests to genre.php with crafted SQL payloads in the genre parameter to extract...

8.8CVSS0.0009EPSS

Exploits0References4

ATTACKERKB•added 2026/05/30 2:55 p.m.•9 views

CVE-2018-25419

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/05/30 2:55 p.m.•22 views

CVE-2018-25419 AiOPMSD Final 1.0.0 SQL Injection via genre.php

8.8CVSS0.0009EPSS

Exploits0References4

CVE•added 2026/05/30 2:55 p.m.•15 views

CVE-2018-25419

AiOPMSD Final 1.0.0 is affected by an SQL injection in genre.php. The vulnerability allows unauthenticated attackers to send crafted SQL payloads via the genre parameter in GET requests to extract sensitive data (usernames, databases, version details). CVSS metrics are provided (3.1: 8.2 High; 4....

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

EUVD•added 2026/05/30 2:55 p.m.•7 views

EUVD-2018-21941

8.8CVSS6.1AI score0.0009EPSS

Exploits0References4

CNNVD•added 2026/05/30 12:0 a.m.•6 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ‘genre’ parameter, which may allow unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0009EPSS

Exploits0References4

Positive Technologies•added 2026/05/30 12:0 a.m.•9 views

PT-2026-45119

8.8CVSS6.1AI score0.0009EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by