74 matches found
GHSA-C6MH-FPJC-4PR3 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)
Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. Details The fix for CVE-2024-38519 enforced an allowlist for file extensions, in orde...
CVE-2026-45578
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
CVE-2026-45578
CVE-2026-45578 : OS command injection in WWBN/AVideo’s on_publish.php (YPTSocket path). The code builds an execAsync() command by string-concatenating three values, wrapping each in literal single quotes ('$users_id', '$m3u8', '{$obj->liveTransmitionHistory_id}'), but does not apply escapeshel...
CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
EUVD-2020-6112
Malware in sbrugna...
EUVD-2024-52292
Malicious code in bioql PyPI...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2020-13904
FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parseplaylist in libavformat/hls.c frees a pointer, and later that pointer is accessed in avprobeinputformat3 in libavformat/format.c...
CVE-2025-32943 PeerTube HLS Video Files Path Traversal
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...
CVE-2025-32943 PeerTube HLS Video Files Path Traversal
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...
Huawei HarmonyOS buffer overflow vulnerability (CNVD-2025-1334123)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability. The vulnerability originates from the M3U8 module and can be exploited by an attacker to cause...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2024-54116
The CVE-2024-54116 entry concerns Huawei HarmonyOS (M3U8 module) with an out-of-bounds read vulnerability in the M3U8 component. Connected sources describe a buffer/out-of-bounds access in the M3U8 module that can cause affected features to behave abnormally. The NVD description cites an impact o...
CVE-2024-54116
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
Huawei HarmonyOS 缓冲区错误漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability. The vulnerability originates from the M3U8 module and can be exploited by an attacker to cause...
The vulnerability of the ExtractAttributes function (media_tools/m3u8.c:329) on the multimedia platform GPAC allows a perpetrator to trigger a service failure.
The vulnerability of the ExtractAttributes function mediatools/m3u8.c:329 of the multimedia platform GPAC is related to the lack of memory release after the effective lifespan has ended. Exploiting this vulnerability can allow a malicious actor to cause service failure...