7 matches found
CVE-2026-49129 Music Player Daemon < 0.24.11 SSRF via CurlInputPlugin
Music Player Daemon MPD before version 0.24.11 contains a server-side request forgery vulnerability in CurlInputPlugin where CURLOPTFOLLOWLOCATION is set without CURLOPTREDIRPROTOCOLSSTR, allowing unauthenticated attackers to bypass the http/https scheme restriction by causing a malicious HTTP...
EUVD-2022-51062
Malicious code in bioql PyPI...
CVE-2022-48363
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer...
CVE-2022-48363
In MPD before 0.23.8, as used on Automotive Grade Linux and other platforms, the PipeWire output plugin mishandles a Drain call in certain situations involving truncated files. Eventually there is an assertion failure in libmpdclient because libqtappfw passes in a NULL pointer...
CVE-2022-46449
An issue in MPD Music Player Daemon v0.23.10 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2022-46449
An issue in MPD Music Player Daemon v0.23.10 allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2022-46449
An issue in MPD Music Player Daemon v0.23.10 allows attackers to cause a Denial of Service DoS via a crafted input...