CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-0564

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.01227EPSS

Exploits1References3

Github Security Blog•added 2022/01/07 12:20 a.m.•28 views

OS Command Injection in node-mpv

node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

9.8CVSS9.3AI score0.01227EPSS

Exploits1References4Affected Software1

OSV•added 2022/01/07 12:20 a.m.•11 views

GHSA-CQR2-XHG6-P268 OS Command Injection in node-mpv

node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

9.8CVSS9.7AI score0.01227EPSS

Exploits1References3

CNVD•added 2021/05/19 12:0 a.m.•6 views

node-mpv formatting string error vulnerability

node-mpv is a Node.js based MPV player module. A security vulnerability exists in mpv version 0.33.0 and earlier versions, which can be exploited by an attacker to achieve code execution via a crafted m3u playlist file...

7.8CVSS7AI score0.01388EPSS

Exploits1References1

CNNVD•added 2021/05/18 12:0 a.m.•3 views

node-mpv 格式化字符串错误漏洞

7.8CVSS6.1AI score0.01388EPSS

Exploits1References8

Veracode•added 2020/04/07 9:59 a.m.•11 views

Remote Code Execution (RCE)

node-mpv is vulnerable to remote code execution RCE. The vulnerability exists because the parameter options was not sanitized properly, allowing to be controlled by the attacker by sending malicious code to execute...

9.8CVSS4.4AI score0.01227EPSS

Exploits1References1Affected Software1

CNVD•added 2020/04/07 12:0 a.m.•7 views

node-mpv command injection vulnerability

node-mpv is a wrapper to use the mpv player for node.js. A command injection vulnerability exists in node-mpv 1.4.3 and earlier. An attacker can exploit this vulnerability to execute arbitrary commands via the options parameter...

9.8CVSS8AI score0.01227EPSS

Exploits1References1

OSV•added 2020/04/06 1:15 p.m.•2 views

CVE-2020-7632

node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

9.8CVSS7.5AI score

Exploits0References2

NVD•added 2020/04/06 1:15 p.m.•5 views

CVE-2020-7632

node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

9.8CVSS9.8AI score0.01227EPSS

Exploits1References2

Prion•added 2020/04/06 1:15 p.m.•6 views

Command injection

node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

7.5CVSS9.7AI score0.01227EPSS

Exploits1References2Affected Software1

Cvelist•added 2020/04/06 12:21 p.m.•11 views

CVE-2020-7632

node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

9.8AI score0.01227EPSS

Exploits1References2

Snyk•added 2020/04/05 12:0 a.m.•1 views

Command Injection

Overview node-mpv is a wrapper to comfortably use mpv player with node.js. Affected versions of this package are vulnerable to Command Injection. The argument "options" can be controlled by users without any sanitization. PoC var Root = require"node-mpv"; var options = "binary": '" $touch JHU "'...

9.8CVSS6.8AI score0.01227EPSS

Exploits1References2

vulnersOsv•added 2020/04/05 12:0 a.m.•1 views

@beargame/devdeck (>=1.1.0 <=1.1.4), @quran-cli/q-cli (>=1.0.0 <=1.1.3) +14 more potentially affected by CVE-2020-7632 via node-mpv (>=1.5.0 <=2.0.0-beta.2)

node-mpv NPM version =1.5.0, =1.1.0, =1.0.0, =0.1.1-alpha.1, =0.1.1, =0.0.1, =3.0.0, =0.1.0, =1.0.2, =1.0.9, =0.0.4, =1.0.0, =0.1.12, =0.1.15 and more Source cves: CVE-2020-7632 Source advisory: SNYK:JS-NODEMPV-564426...

9.8CVSS7.2AI score0.01227EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by