Lucene search
K

9 matches found

NVD
NVD
added 2026/05/29 6:16 p.m.15 views

CVE-2026-10108

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...

8.7CVSS0.00513EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:51 p.m.7 views

CVE-2026-10108

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...

8.7CVSS5.9AI score0.00513EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 4:51 p.m.12 views

EUVD-2026-33366

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...

8.7CVSS5.9AI score0.00513EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44924

Name of the Vulnerable Software and Affected Versions xiaomusic version 0.5.7 Description An unauthenticated path traversal issue exists in the 'GET /music/file path:path' endpoint. This occurs due to an incomplete path prefix check and a missing trailing separator in the comparison logic...

8.7CVSS5.9AI score0.00513EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

XiaoMusic 路径遍历漏洞

XiaoMusic is a music playback tool developed by Hanxi, allowing unlimited song listening through the XiaoAi speaker. Version 0.5.7 of XiaoMusic has a path traversal vulnerability. This vulnerability stems from the GET /music/filepath:path endpoint, where unauthorized path traversal is allowed,...

8.7CVSS5.8AI score0.00513EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 8:16 p.m.10 views

DEBIAN-CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 8:16 p.m.8 views

UBUNTU-CVE-2026-49128

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/28 7:2 p.m.10 views

CVE-2026-49128 Music Player Daemon < 0.24.11 Path Traversal via LocalStorage URI Handling

Music Player Daemon MPD before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk path is constructed by joining the storage root with a user-supplied URI as plain strings without...

8.7CVSS5.9AI score0.00501EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2018/05/11 7:44 p.m.9 views

Vega Stealer Malware Takes Aim at Chrome, Firefox

A malware dubbed Vega Stealer has been uncovered, looking to make off with saved credentials and credit-card information in the Chrome and Firefox browsers. While it’s a simple payload for now, researchers said it has the ability to evolve into something more concerning in the future. Proofpoint,...

2.1AI score
Exploits0References5
Rows per page
Query Builder