Lucene search
+L

73 matches found

osv
osv
added 2026/07/07 11:16 p.m.4 views

UBUNTU-CVE-2026-50810

A NULL pointer dereference in smoothparsestreamindex in src/mediatools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References5
osv
osv
added 2026/07/07 12:0 a.m.5 views

CVE-2026-50810

A NULL pointer dereference in smoothparsestreamindex in src/mediatools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References5
cve
cve
added 2026/07/07 12:0 a.m.14 views

CVE-2026-50810

CVE-2026-50810 describes a NULL pointer dereference in GPAC’s mpd.c: smooth_parse_stream_index() (GPAC master HEAD, before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5). The flaw can lead to denial of service. Details in the provided sources identify the vulnerable function and file, the modul...

5.5CVSS6AI score0.00122EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/07 12:0 a.m.26 views

CVE-2026-50810

A NULL pointer dereference in smoothparsestreamindex in src/mediatools/mpd.c in GPAC master HEAD before commit b35c61f104b85fbb16520ac2838d5d2ef70845b5 allows attackers to cause a denial of service...

0.00122EPSS
Exploits0References3
susecve
susecve
added 2026/05/30 1:59 a.m.12 views

SUSE CVE-2026-49129

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS5.8AI score0.00281EPSS
Exploits0References3
nessus
nessus
added 2026/05/29 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-49128

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local...

8.7CVSS5.7AI score0.00501EPSS
Exploits0References3
nvd
nvd
added 2026/05/28 8:16 p.m.11 views

CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS0.0026EPSS
Exploits0References7
osv
osv
added 2026/05/28 8:16 p.m.9 views

UBUNTU-CVE-2026-49130

Music Player Daemon MPD before version 0.24.11 contains a CRLF injection vulnerability in the xspfchardata function within the XSPF playlist plugin that allows attackers to embed literal CR/LF bytes in URI fields by supplying a malicious XSPF playlist with XML numeric character references...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References9
osv
osv
added 2026/05/28 7:10 p.m.3 views

CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin

Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...

6.9CVSS6AI score0.00281EPSS
Exploits0References10
debiancve
debiancve
added 2026/05/28 6:59 p.m.10 views

CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6.1AI score0.0051EPSS
Exploits0
cnnvd
cnnvd
added 2026/05/28 12:0 a.m.13 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from an issue with the xspfchardata function in the XSPF playlist plugin, allowing attackers to embed text CR/LF bytes in...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References7
vulnersosv
vulnersosv
added 2026/04/22 8:17 p.m.9 views

org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

8.7CVSS5.8AI score0.00408EPSS
Exploits0
euvd
euvd
added 2025/11/21 9:27 a.m.8 views

EUVD-2025-198433

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS4.5AI score0.00205EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-28591

Malware in sbrugna...

9.8CVSS9AI score0.03004EPSS
Exploits1References3
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-51062

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.01175EPSS
Exploits1References4
ossf
ossf
added 2025/08/14 6:52 p.m.5 views

Malicious code in @zalastax/nolb-mpd (npm)

The package @zalastax/nolb-mpd was found to contain malicious code...

7AI score
Exploits0
osv
osv
added 2025/08/14 6:52 p.m.2 views

MAL-2025-12404 Malicious code in @zalastax/nolb-mpd (npm)

The package @zalastax/nolb-mpd was found to contain malicious code...

7.2AI score
Exploits0
redhatcve
redhatcve
added 2025/05/23 12:29 a.m.8 views

CVE-2022-48363

In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer...

7.5CVSS6.9AI score0.01175EPSS
Exploits1
redhatcve
redhatcve
added 2025/02/05 7:51 a.m.7 views

CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

7.3CVSS7.1AI score0.00265EPSS
Exploits0
nvd
nvd
added 2024/08/27 8:15 a.m.29 views

CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

7.3CVSS0.00265EPSS
Exploits0References1
Rows per page
Query Builder