EUVD-2025-10976

Malicious code in bioql PyPI...

CVE-2025-10327

CVE-2025-10327 affects MiczFlor RPi-Jukebox-RFID up to version 2.8.0. The vulnerability is an OS command injection in the shuffle.php endpoint located at /htdocs/api/playlist/shuffle.php, triggered by manipulating the playlist argument. It is exploitable remotely and public proofs of concept exis...

CVE-2024-32963

Navidrome is an open source web-based music collection server and streamer. In affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter valu...

GHSA-4JRX-5W4H-3GPM Navidrome Parameter Tampering vulnerability

Summary Parameter tampering is a vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. Details The attacker is able to change the parameter values in the body and successfully impersonate another user. In this case, the attacker created a playlist,...

CVE-2024-32963

Navidrome exposes a parameter tampering vulnerability in HTTP requests that allows an attacker to mutate request body parameters and impersonate other users. The flaw enables actions such as creating playlists, adding songs, posting comments, changing a playlist to public, and assigning the admin...

MP3 Wav Editor 3.80 - '.mp3' Local Denial of Service

Exploit Title: MP3WavEditor Local DoS .mp3 Date: April 5, 2010 Software Link: http://www.mp3waveditor.com/index.htm Version: 3.80 Tested on: Windows XP SP3 Author: anonymous !/usr/bin/perl my $file = "yawn.mp3"; my $a = "\x41"; open FILE, "$file"; print FILE "$a"; print "Usage: Make playlist - Ad...

Apple iTunes player Shared Music service DoS

Different playlist manipulation vulnerabilities...