81 matches found
Cross-site Scripting (XSS)
Overview beets is a media library management system for obsessive music geeks. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the included index.html template. An attacker can execute scripts in a victim’s browser by supplying crafted music metadata fields su...
CVE-2026-32889
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...
CVE-2026-32889
Tinytag (Python) version 2.2.0 is affected by a Denial of Service via a non-terminating SYLT frame parsing loop when processing attacker-supplied MP3s. The root cause is in _parse_synced_lyrics/_find_string_end_pos where an absent string terminator can cause the parser to reset its offset and nev...
CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...
CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...
CVE-2026-32889
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...
CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...
Denial of service via non-terminating SYLT frame parsing loop in tinytag
Summary tinytag 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsin...
CVE-2026-1249
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...
CVE-2026-1249 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...
CVE-2026-1249
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...
CVE-2026-1249
WordPress MP3 Audio Player by Sonaar (plugin versions 5.3–5.10) contains an authenticated (Author+) Server-Side Request Forgery vulnerability. Reported by kr0d, this flaw requires an authenticated user and may trigger server-side requests to internal or external endpoints. The Patchstack entry do...
CVE-2026-1249 MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 5.3 - 5.10 - Authenticated (Author+) Server-Side Request Forgery
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'loadlyricsajaxcallback' function. This makes it possible for authenticated attackers, with author level access and above, to mak...
WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-8097
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load lyrics ajax callback' function. This makes it possible for authenticated attackers, with author level access and above, to...
CVE-2025-23533
Cross-Site Request Forgery CSRF vulnerability in zetxek WP Lyrics wplyrics allows Stored XSS.This issue affects WP Lyrics: from n/a through = 0.4.1...
EUVD-2008-4652
Malware in sbrugna...
EUVD-2010-2725
Malware in sbrugna...
EUVD-2007-1610
Malware in sbrugna...
EUVD-2010-2726
Malware in sbrugna...