CVE-2026-47114 IINA < 1.4.3 Command Execution via iina://open URL Scheme

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that pass...

CVE-2026-47114 IINA < 1.4.3 Command Execution via iina://open URL Scheme

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that pass...

JLSEC-2026-476

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...

MINI-5MPV-585C-QF7M

Bulletin has no description...

CVE-2025-40238

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5edetachnetdev we eventually disable blocking events notifier, among those events are IPsec MPV events from IB to core. So before disabling those blocking events, make sur...

CVE-2025-40238 net/mlx5: Fix IPsec cleanup over MPV device

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5edetachnetdev we eventually disable blocking events notifier, among those events are IPsec MPV events from IB to core. So before disabling those blocking events, make sur...

CVE-2025-40238

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5edetachnetdev we eventually disable blocking events notifier, among those events are IPsec MPV events from IB to core. So before disabling those blocking events, make sur...

CVE-2025-40238 net/mlx5: Fix IPsec cleanup over MPV device

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5edetachnetdev we eventually disable blocking events notifier, among those events are IPsec MPV events from IB to core. So before disabling those blocking events, make sur...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an IPsec cleanup process that does not properly handle MPV device events, which could lead to a null pointer...

PT-2025-49065

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-rc6 for upstream min debug 2024 11 08 00 46 Description The Linux kernel contains a flaw within the mlx5 network driver related to IPsec cleanup over MPV devices. Specifically, the issue arises during the...

EUVD-2018-18117

Malware in sbrugna...

EUVD-2021-17082

Malware in sbrugna...

EUVD-2020-11722

Malware in sbrugna...

EUVD-2022-0564

Malicious code in bioql PyPI...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper handling of MPV functionality in flashcards. The MPV component processes user-supplied flashcard content with insufficient sanitization, enabling crafted inputs to execute arbitrary scripts on...

Linux Distros Unpatched Vulnerability : CVE-2021-30145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element via the integration with mpv, an attacker can achieve arbitrary code execution by including a malicious executable within a shared deck. Note: This vulnerability is specific to Windows operating systems...

CVE-2021-30145

A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file...

CVE-2020-19824

An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...

CVE-2024-45017 net/mlx5: Fix IPsec RoCE MPV trace call

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave, if master device doesn't support IPsec. WARNING: CPU: 44 PID: 16136 at kernel/locking/rwsem.c:240...