Lucene search
+L

167 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.12 views

Malicious code in @img-hls/vtt.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad530c5830e0148f1b5b34ac28336c1b1468d5a11ffa2ff265368e13199cceb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/29 4:53 p.m.7 views

MAL-2026-6628 Malicious code in @img-hls/vtt.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad530c5830e0148f1b5b34ac28336c1b1468d5a11ffa2ff265368e13199cceb4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/18 8:52 a.m.4 views

SUSE-SU-2026:2445-1 Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File Extension Bypass bsc1220545. - CVE-2024-35366: FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When...

9.8CVSS7AI score0.00715EPSS
Exploits3References20
Vulnrichment
Vulnrichment
added 2026/05/27 3:10 p.m.12 views

CVE-2026-44353 Streamlink: Arbitrary local file read via file:// URI in HLS and DASH

Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries and other resources. A remote .m3u8 HLS playlist or .mpd DASH manifest can list file:///path/to/file...

6.5CVSS5.8AI score0.00345EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Streamlink 安全漏洞

Streamlink is an open-source command-line tool developed by Streamlink that pushes live streaming media to video players. Versions of Streamlink prior to 8.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the HLS and DASH parsers did not validate the URI...

6.5CVSS5.8AI score0.00345EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in ffmpeg

A flaw was discovered in FFmpeg’s HLS playlist parsing. This vulnerability allows for a denial of service through a maliciously crafted HLS playlist, which triggers a null pointer dereference during initialization...

7.5CVSS6.4AI score0.00544EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/11 2:28 p.m.18 views

External Control of File Name or Path

Overview streamlink is a Streamlink is a command-line utility that extracts streams from various services and pipes them into a video player of choice. Affected versions of this package are vulnerable to External Control of File Name or Path via the parsing process for HLS and DASH playlists or...

7.1CVSS6AI score0.00345EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 6:13 p.m.9 views

CVE-2026-34369 AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the getapivideofile and getapivideo API endpoints in AVideo return full video playback sources direct MP4 URLs, HLS manifests for password-protected videos without verifying the video password. While the normal we...

5.3CVSS5.9AI score0.00376EPSS
Exploits1References4
OSV
OSV
added 2026/03/25 9:58 a.m.8 views

SUSE-SU-2026:20932-1 Security update for ffmpeg-7

This update for ffmpeg-7 fixes the following issues: - Updated to version 7.1.2: avcodec/librsvgdec: fix compilation with librsvg 2.50.3 libavfilter/affirequalizer: Add check for avmallocarray avcodec/libsvtav1: unbreak build with latest svtav1 avformat/hls: Fix Youtube AAC Various bugfixes...

5.3CVSS5.9AI score0.00342EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/22 4:26 p.m.30 views

CVE-2026-33292 AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two...

7.5CVSS0.00688EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/22 4:26 p.m.2 views

CVE-2026-33292 AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two...

7.5CVSS5.9AI score0.00688EPSS
Exploits1References2
CVE
CVE
added 2026/03/22 4:26 p.m.18 views

CVE-2026-33292

Summary (CVE-2026-33292) : WWBN AVideo is vulnerable prior to 26.0 due to a path traversal split-oracle in the HLS endpoint view/hls.php. The GET parameter videoDirectory is processed in two code paths: an authorization path that truncates after the first slash, and a file-access path that preser...

7.5CVSS5.9AI score0.00688EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/22 4:26 p.m.5 views

CVE-2026-33292 AVideo has Authorization Bypass via Path Traversal in HLS Endpoint Allows Streaming Private/Paid Videos

WWBN AVideo is an open source video platform. Prior to version 26.0, the HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two...

7.5CVSS6AI score0.00688EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.9 views

PT-2026-26470

Summary The HLS streaming endpoint view/hls.php is vulnerable to a path traversal attack that allows an unauthenticated attacker to stream any private or paid video on the platform. The videoDirectory GET parameter is used in two divergent code paths — one for authorization which truncates at the...

7.5CVSS5.9AI score0.00688EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/01/24 12:0 a.m.7 views

SUSE SLES15: libavcodec58_134 / libavformat58_76 / libavutil56_70 / etc (SUSE-SU-2026:0229-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0229-1 advisory. - CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass bsc1220545. - CVE-2025-63757: Fixed integer overflow in yuv2ya16Xctemplate...

7.5CVSS6.7AI score0.00397EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2026/01/22 12:22 p.m.5 views

Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues: CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass bsc1220545. CVE-2025-63757: Fixed integer overflow in yuv2ya16Xctemplate bsc1255392. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.7CVSS5.5AI score0.00397EPSS
Exploits1References8
OSV
OSV
added 2026/01/22 12:22 p.m.8 views

SUSE-SU-2026:0229-1 Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues: - CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass bsc1220545. - CVE-2025-63757: Fixed integer overflow in yuv2ya16Xctemplate bsc1255392...

7.5CVSS6.8AI score0.00397EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

SUSE SLED15: ffmpeg-4 / ffmpeg-4-libavcodec-devel / ffmpeg-4-libavdevice-devel / etc (SUSE-SU-2026:0198-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0198-1 advisory. - CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass bsc1220545. - CVE-2025-63757: Fixed...

7.5CVSS6.7AI score0.00397EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2026/01/21 10:16 a.m.6 views

Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues: CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass bsc1220545. CVE-2025-63757: Fixed integer overflow in yuv2ya16Xctemplate bsc1255392. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.7CVSS5.5AI score0.00397EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/01/17 12:0 a.m.5 views

Debian dla-4440 : ffmpeg - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4440 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4440-1 [email protected]...

8.8CVSS7.5AI score0.00544EPSS
Exploits2References16
Rows per page
Query Builder