CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

55 matches found

SUSE CVE•added 2026/05/30 1:59 a.m.•8 views

SUSE CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00059EPSS

Exploits0References3

RedhatCVE•added 2026/05/29 8:13 p.m.•8 views

CVE-2026-49129

6.9CVSS5.8AI score0.00059EPSS

Exploits0References1

Tenable Nessus•added 2026/05/29 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49129

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set withou...

6.9CVSS5.6AI score0.00059EPSS

Exploits0References3

NVD•added 2026/05/28 8:16 p.m.•9 views

CVE-2026-49129

6.9CVSS0.00059EPSS

Exploits0References7

OSV•added 2026/05/28 8:16 p.m.•6 views

DEBIAN-CVE-2026-49129

6.9CVSS5.8AI score0.00059EPSS

Exploits0References1

OSV•added 2026/05/28 8:16 p.m.•5 views

UBUNTU-CVE-2026-49129

6.9CVSS5.8AI score0.00059EPSS

Exploits0References9

EUVD•added 2026/05/28 7:10 p.m.•5 views

EUVD-2026-33005

6.9CVSS5.8AI score0.00059EPSS

Exploits0References7

Cvelist•added 2026/05/28 7:10 p.m.•25 views

CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin

6.9CVSS0.00059EPSS

Exploits0References7

ATTACKERKB•added 2026/05/28 7:10 p.m.•6 views

CVE-2026-49129

6.9CVSS5.8AI score0.00059EPSS

Exploits0References7

Vulnrichment•added 2026/05/28 7:10 p.m.•10 views

CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin

6.9CVSS5.8AI score0.00059EPSS

Exploits0References7

Debian CVE•added 2026/05/28 7:10 p.m.•7 views

CVE-2026-49129

6.9CVSS5.8AI score0.00059EPSS

Exploits0

CVE•added 2026/05/28 7:10 p.m.•10 views

CVE-2026-49129

Music Player Daemon (MPD) <= 0.24.10 contains a server-side request forgery (SSRF) in CurlInputPlugin by setting CURLOPT_FOLLOWLOCATION without CURLOPT_REDIR_PROTOCOLS_STR. This allows unauthenticated attackers to bypass the http/https scheme restriction and redirect to non-HTTP protocols (e.g...

6.9CVSS5.8AI score0.00059EPSS

Exploits0References7

Positive Technologies•added 2026/05/28 12:0 a.m.•7 views

PT-2026-44496

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPT FOLLOWLOCATION is set without CURLOPT REDIR PROTOCOLS STR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTT...

6.9CVSS5.8AI score0.00059EPSS

Exploits0References7

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from a server-side request forgeing issue in CurlInputPlugin. When the CURLOPTFOLLOWLOCATION option was set, the...

6.9CVSS5.8AI score0.00059EPSS

Exploits0References7

Cvelist•added 2026/03/13 7:0 p.m.•22 views

CVE-2026-30853 calibre has a Path Traversal Leading to Arbitrary File Write

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin src/calibre/ebooks/rb/reader.py allows an attacker to write arbitrary files to any path writable by the calibre...

5CVSS0.0003EPSS

Exploits1References1

OSV•added 2026/01/18 10:15 a.m.•3 views

CVE-2025-15537

A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbffile::stringvalue of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

5.5CVSS5.5AI score

Exploits0References6

EUVD•added 2025/11/24 3:30 p.m.•2 views

EUVD-2025-198811

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins fail to sanitize tagkey inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tagkey values containing special characters such as newlines or ../ that are treated as valid tags...

9.1CVSS6.5AI score0.00094EPSS

Exploits0References2

EUVD•added 2025/11/24 3:30 p.m.•1 views

EUVD-2025-198807

Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...

5.4CVSS6.6AI score0.00196EPSS

Exploits0References2

OSV•added 2025/11/24 3:15 p.m.•4 views

AZL-71102 CVE-2025-12977 affecting package fluent-bit for versions less than 3.1.10-4

9.1CVSS5.8AI score0.00094EPSS

Exploits0References1

OSV•added 2025/11/24 3:15 p.m.•0 views

AZL-71074 CVE-2025-12970 affecting package fluent-bit for versions less than 3.0.6-6

The extractname function in Fluent Bit indocker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary...

8.8CVSS6.2AI score0.00188EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by