71 matches found
CVE-2026-45578
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
CVE-2026-45578
CVE-2026-45578 : OS command injection in WWBN/AVideo’s on_publish.php (YPTSocket path). The code builds an execAsync() command by string-concatenating three values, wrapping each in literal single quotes ('$users_id', '$m3u8', '{$obj->liveTransmitionHistory_id}'), but does not apply escapeshel...
EUVD-2020-6112
Malware in sbrugna...
EUVD-2024-52292
Malicious code in bioql PyPI...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2020-13904
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parseplaylist in libavformat/hls.c frees a pointer, and later that pointer is accessed in avprobeinputformat3 in libavformat/format.c...
CVE-2025-32943
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...
CVE-2025-32943 PeerTube HLS Video Files Path Traversal
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...
Huawei HarmonyOS buffer overflow vulnerability (CNVD-2025-1334123)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability. The vulnerability originates from the M3U8 module and can be exploited by an attacker to cause...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2024-54116
The CVE-2024-54116 entry concerns Huawei HarmonyOS (M3U8 module) with an out-of-bounds read vulnerability in the M3U8 component. Connected sources describe a buffer/out-of-bounds access in the M3U8 module that can cause affected features to behave abnormally. The NVD description cites an impact o...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
Huawei HarmonyOS 缓冲区错误漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability. The vulnerability originates from the M3U8 module and can be exploited by an attacker to cause...
Denial Of Service (DoS)
libgpac.so is vulnerable to Denial of Service DoS. The vulnerability is due to the extractattributes function of mediatools/m3u8.c which allows an attacker to cause denial-of-service DoS conditions on a vulnerable system by tricking it into processing a specially crafted m3u8 file. The attacker...
CVE-2023-48090
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extractattributes mediatools/m3u8.c:329...
CVE-2023-48090
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extractattributes mediatools/m3u8.c:329...