Lucene search
+L

67 matches found

vulnrichment
vulnrichment
added 2026/01/30 4:16 p.m.8 views

CVE-2020-37059 Popcorn Time 6.2 - 'Update service' Unquoted Service Path

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...

8.5CVSS6AI score0.00134EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/01/30 4:16 p.m.5 views

CVE-2020-37059

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...

8.5CVSS6AI score0.00134EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/01/30 4:16 p.m.25 views

CVE-2020-37059 Popcorn Time 6.2 - 'Update service' Unquoted Service Path

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...

8.5CVSS0.00134EPSS
Exploits0References3
cve
cve
added 2026/01/30 4:16 p.m.16 views

CVE-2020-37059

CVE-2020-37059 concerns Popcorn Time 6.2.1.14, which is affected by an unquoted service path vulnerability in its Update service. The underlying issue is that a service binary path is not properly quoted, enabling a local, non-privileged user to place a malicious executable in directories like Pr...

8.5CVSS6AI score0.00134EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/01/30 12:0 a.m.14 views

Popcorn Time code-related vulnerabilities

Popcorn Time is an open-source, multi-platform free software BitTorrent client developed by Popcorn Time. Version 6.2.1.14 of Popcorn Time contains a code vulnerability caused by an unquoted service path. This vulnerability could allow local non-privileged users to execute code and gain system...

8.5CVSS6AI score0.00134EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/01/30 12:0 a.m.10 views

PT-2026-5420

Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files x86 or system root directories to be executed with SYSTEM-level...

8.5CVSS6AI score0.00134EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-4054

Malware in sbrugna...

10CVSS9.5AI score0.01535EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2002-1033

Malware in sbrugna...

7.5CVSS6.4AI score0.03905EPSS
Exploits1References4
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-1642

Malware in sbrugna...

9.3CVSS6.4AI score0.02738EPSS
Exploits1References4
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2002-1034

Malware in sbrugna...

5CVSS6.4AI score0.01741EPSS
Exploits1References4
euvd
euvd
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-29928

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00542EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/05/23 12:5 a.m.9 views

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

5.4CVSS5.8AI score0.00542EPSS
Exploits1References1
code423n4
code423n4
added 2023/03/03 12:0 a.m.13 views

Upgraded Q -> 2 from #633 [1677880427560]

Judge has assessed an item in Issue 633 as 2 risk. The relevant finding follows: Vault contract implementation does not disable initializers The Vault.sol contract should implement disableInitializers in its constructure to prevent implementation contracts from being initialized. As this contract...

6.7AI score
Exploits0
cnvd
cnvd
added 2022/05/24 12:0 a.m.33 views

Popcorn Time Cross-Site Scripting Vulnerability

Popcorn Time is a multi-platform BitTorrent client. version 0.4.7 of Popcorn Time is vulnerable to a cross-site scripting vulnerability that originates in the setting page Movies API Servers field's lack of data validation filtering for user-supplied data and output. An attacker could exploit the...

3.5CVSS2.9AI score0.00542EPSS
Exploits1Affected Software1
osv
osv
added 2022/05/20 11:15 a.m.24 views

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

5.4CVSS5.7AI score
Exploits0References2
nvd
nvd
added 2022/05/20 11:15 a.m.20 views

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

5.4CVSS0.00542EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/05/20 11:15 a.m.4 views

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

5.4CVSS6.1AI score0.00542EPSS
Exploits1References3
prion
prion
added 2022/05/20 11:15 a.m.13 views

Cross site scripting

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

3.5CVSS5.1AI score0.00542EPSS
Exploits1References2Affected Software1
cve
cve
added 2022/05/20 11:1 a.m.702 views

CVE-2022-25229

CVE-2022-25229 affects Popcorn Time 0.4.7. A Stored XSS vulnerability originates in the Settings page, in the Movies API Server(s) field, where lack of input validation allows injection of script. The issue is aggravated by nodeIntegration being turned on, which can permit the webpage to access N...

5.4CVSS5.1AI score0.00542EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2022/05/20 11:1 a.m.30 views

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

5.4AI score0.00542EPSS
Exploits1References2
Rows per page
Query Builder