CVE-2026-26975
Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on affected installations. The music/playlists/update API allows users to bypass...
CVE-2026-26975
Music Assistant (open-source media library manager) versions 2.6.3 and earlier are affected by an unauthenticated, network-adjacent vulnerability enabling Remote Code Execution. The flaw arises from the music/playlists/update API, which can bypass .m3u extension enforcement and write files anywhe...
CVE-2026-26975 Music Assistant Server Path Traversal in Playlist Update API Allows Remote Code Execution
Uncontrolled Search Path Element
Overview: RamaLama is a command line tool for working with AI LLM models. Affected versions of this package are vulnerable to Uncontrolled Search Path Element via addsitepackagestosyspath('/usr/local'), which unconditionally appended /usr/local/lib/python/site-packages to sys.path....
CVE-2024-10902
CVE-2024-10902 concerns eosphoros-ai/db-gpt v0.6.0. The web API endpoint POST /v1/personal/agent/upload is described as vulnerable to Arbitrary File Upload with Path Traversal, enabling an attacker to upload files to arbitrary locations on the victim’s file system. Impact telegraphs possible rem...