Lucene search
+L

74 matches found

OSV
OSV
added 2026/06/16 8:59 p.m.9 views

GHSA-C6MH-FPJC-4PR3 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

Summary A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. Details The fix for CVE-2024-38519 enforced an allowlist for file extensions, in orde...

8.3CVSS5.8AI score0.00555EPSS
Exploits1References6
NVD
NVD
added 2026/05/29 2:16 p.m.46 views

CVE-2026-45578

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...

8.8CVSS0.00318EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 1:14 p.m.11 views

CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 1:14 p.m.37 views

CVE-2026-45578

CVE-2026-45578 : OS command injection in WWBN/AVideo’s on_publish.php (YPTSocket path). The code builds an execAsync() command by string-concatenating three values, wrapping each in literal single quotes ('$users_id', '$m3u8', '{$obj->liveTransmitionHistory_id}'), but does not apply escapeshel...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/29 1:14 p.m.42 views

CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...

8.8CVSS0.00318EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 1:14 p.m.3 views

CVE-2026-45578 WWBN AVideo Live: OS command injection in on_publish.php execAsync via unescaped m3u8 URL

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...

8.8CVSS6AI score0.00318EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6112

Malware in sbrugna...

5.5CVSS5.8AI score0.01279EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-52292

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:53 a.m.8 views

CVE-2024-54116

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...

7.5CVSS6.8AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:57 p.m.8 views

CVE-2020-13904

FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parseplaylist in libavformat/hls.c frees a pointer, and later that pointer is accessed in avprobeinputformat3 in libavformat/format.c...

5.5CVSS6.7AI score0.01279EPSS
Exploits1
Cvelist
Cvelist
added 2025/04/15 10:24 a.m.25 views

CVE-2025-32943 PeerTube HLS Video Files Path Traversal

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...

3.7CVSS0.00476EPSS
Exploits1References2
OSV
OSV
added 2025/04/15 10:24 a.m.5 views

CVE-2025-32943 PeerTube HLS Video Files Path Traversal

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint...

3.7CVSS6AI score0.00476EPSS
Exploits1References5
CNVD
CNVD
added 2024/12/20 12:0 a.m.6 views

Huawei HarmonyOS buffer overflow vulnerability (CNVD-2025-1334123)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability. The vulnerability originates from the M3U8 module and can be exploited by an attacker to cause...

7.5CVSS6.8AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2024/12/12 12:15 p.m.37 views

CVE-2024-54116

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...

7.5CVSS0.00236EPSS
Exploits0References1
OSV
OSV
added 2024/12/12 12:15 p.m.5 views

CVE-2024-54116

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...

7.5CVSS5.8AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/12 12:12 p.m.30 views

CVE-2024-54116

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...

4.3CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2024/12/12 12:12 p.m.60 views

CVE-2024-54116

The CVE-2024-54116 entry concerns Huawei HarmonyOS (M3U8 module) with an out-of-bounds read vulnerability in the M3U8 component. Connected sources describe a buffer/out-of-bounds access in the M3U8 module that can cause affected features to behave abnormally. The NVD description cites an impact o...

7.5CVSS4.6AI score0.00236EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/12 12:12 p.m.14 views

CVE-2024-54116

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...

4.3CVSS6.8AI score0.00236EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.5 views

Huawei HarmonyOS 缓冲区错误漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability. The vulnerability originates from the M3U8 module and can be exploited by an attacker to cause...

7.5CVSS7.2AI score0.00236EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/04/03 12:0 a.m.9 views

The vulnerability of the ExtractAttributes function (media_tools/m3u8.c:329) on the multimedia platform GPAC allows a perpetrator to trigger a service failure.

The vulnerability of the ExtractAttributes function mediatools/m3u8.c:329 of the multimedia platform GPAC is related to the lack of memory release after the effective lifespan has ended. Exploiting this vulnerability can allow a malicious actor to cause service failure...

7.1CVSS7AI score0.00309EPSS
Exploits1References4Affected Software3
Rows per page
Query Builder