CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/28 12:0 a.m.•6 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from an issue with the xspfchardata function in the XSPF playlist plugin, allowing attackers to embed text CR/LF bytes in...

6.9CVSS5.8AI score0.00064EPSS

Exploits0References7

vulnersOsv•added 2026/04/22 8:17 p.m.•2 views

org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

8.7CVSS5.8AI score0.0002EPSS

EUVD•added 2025/11/21 9:27 a.m.•3 views

EUVD-2025-198433

The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpdprtitletag' and 'mpdprsubtitletag' parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on...

6.4CVSS4.5AI score0.00037EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-28591

Malware in sbrugna...

9.8CVSS9AI score0.03013EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-51062

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00524EPSS

Exploits1References4

OSV•added 2025/08/14 6:52 p.m.•1 views

MAL-2025-12404 Malicious code in @zalastax/nolb-mpd (npm)

The package @zalastax/nolb-mpd was found to contain malicious code...

7.2AI score

OSSF Malicious Packages•added 2025/08/14 6:52 p.m.•3 views

Malicious code in @zalastax/nolb-mpd (npm)

The package @zalastax/nolb-mpd was found to contain malicious code...

7AI score

RedhatCVE•added 2025/05/23 12:29 a.m.•4 views

CVE-2022-48363

In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer...

7.5CVSS6.9AI score0.00524EPSS

Exploits1

RedhatCVE•added 2025/02/05 7:51 a.m.•4 views

CVE-2024-41176

The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged local attacker to induce a Denial-of-Service DoS condition on the daemon and execute code in the context of user “root” via a crafted HTTP request...

NVD•added 2024/08/27 8:15 a.m.•11 views

CVE-2024-41176

7.3CVSS0.00131EPSS

OSV•added 2024/08/27 8:15 a.m.•2 views

CVE-2024-41176

7.3CVSS5.9AI score

Cvelist•added 2024/08/27 8:1 a.m.•12 views

CVE-2024-41176 Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD

7.3CVSS0.00131EPSS

Vulnrichment•added 2024/08/27 8:1 a.m.•17 views

CVE-2024-41176 Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD

CVE•added 2024/08/27 8:1 a.m.•77 views

CVE-2024-41176

CVE-2024-41176 affects Beckhoff: TwinCAT/BSD MPD package. An authenticated, low-privileged local attacker can cause a DoS in the daemon and execute code in the root context via a crafted HTTP request. Documented impact is local, with potential for full system compromise; exploitation status is no...

Exploits0References1Affected Software2

Positive Technologies•added 2024/08/27 12:0 a.m.•3 views

PT-2024-8730 · Beckhoff · Twincat/Bsd

Name of the Vulnerable Software and Affected Versions: TwinCAT/BSD affected versions not specified Description: The issue is related to a buffer overflow in the MPD package of TwinCAT/BSD, which can be exploited by an authenticated, low-privileged local attacker. This can lead to a...