1593 matches found

Nuclei
added 19 hours ago, 12 views

WordPress AudioIgniter <= 2.0.2 - Unauthenticated IDOR

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. The handleplaylistendpoint function accepted a user-controlled playlist ID and returned track data without authentication. id: CVE-2026-8679 info: name: WordPress...

CVSS 7.5 | AI score 5.9 | EPSS 0.01508
Exploits 0 | References 3

Nuclei
added 19 hours ago, 34 views

Quixplorer <=2.4.1 - Cross-Site Scripting

Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

CVSS 6.1 | AI score 6.4 | EPSS 0.02852
Exploits 1 | References 3

Positive Technologies
added 2 days ago, 4 views

PT-2026-54742

Guardian language-system passes the id GET parameter directly into a PHP exec call in subtitles.php line 19 without sanitization: exec"php jobs/subtitle rendering.php ".$login session." ".$ GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

CVSS 9.8 | AI score 6.1 | EPSS 0.0068
Exploits 0 | References 3

OSV
added 4 days ago, 5 views

PYSEC-2026-537 SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

CVSS 9.8 | AI score 7.4 | EPSS 0.01158
Exploits 1 | References 8

Positive Technologies
added 4 days ago, 6 views

PT-2026-53606

SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads without authentication...

CVSS 9.8 | AI score 6.4 | EPSS 0.01158
Exploits 1 | References 9

Nuclei
added 5 days ago, 86 views

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. id: CVE-2019-7192 info: name: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution...

CVSS 9.8 | AI score 6.8 | EPSS 0.88213
Exploits 12 | References 5

Nuclei
added 5 days ago, 21 views

QNAP Photo Station - Path Traversal

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. id: CVE-2019-7195 info: name: QNAP Photo Station - Path Traversal author: s4e-io severity: critical description: | QNAP devices running Pho...

CVSS 9.8 | AI score 7.4 | EPSS 0.89681
Exploits 10 | References 6

Nuclei
added 2026/06/26 6:13 p.m., 48 views

Grafana 8.0.0 <= v.8.2.2 - Angularjs Rendering Cross-Site Scripting

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...

CVSS 6.9 | AI score 6.9 | EPSS 0.84607
Exploits 0 | References 5

Tenable Nessus
added 2026/06/25 12:0 a.m., 6 views

SUSE SLES15: libavcodec-devel / libavcodec57 / libavcodec57-32bit / etc (SUSE-SU-2021:2929-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2929-1 advisory. - CVE-2019-9721: Fixed a denial of service in the subtitle decoder in handleopenbrace from libavcodec/htmlsubtitles.c bsc1129714. -...

CVSS 9.8 | AI score 6.9 | EPSS 0.02468
Exploits 26 | References 93

NVD
added 2026/06/24 7:17 p.m., 11 views

CVE-2026-48793

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

CVSS 8.8 | EPSS 0.00357
Exploits 0 | References 1

Snyk
added 2026/06/24 7:15 p.m., 6 views

Arbitrary Argument Injection

Overview: Jellyfin.Common is a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the SubtitleEncoder.ConvertTextSubtitleToSrtInternal process. An attacker can achieve...

CVSS 8.8 | AI score 6 | EPSS 0.00357
Exploits 0 | References 2

Cvelist
added 2026/06/24 6:22 p.m., 35 views

CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

CVSS 8.8 | EPSS 0.00357
Exploits 0 | References 1

Vulnrichment
added 2026/06/24 6:22 p.m., 4 views

CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

CVSS 8.8 | AI score 6.1 | EPSS 0.00357
Exploits 0 | References 1

EUVD
added 2026/06/24 6:22 p.m., 4 views

EUVD-2026-39030

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

CVSS 8.8 | AI score 6.1 | EPSS 0.00357
Exploits 0 | References 1

ATTACKERKB
added 2026/06/24 6:22 p.m., 4 views

CVE-2026-48793

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

CVSS 8.8 | AI score 6.1 | EPSS 0.00357
Exploits 0 | References 2 | Affected Software 1

CVE
added 2026/06/24 6:22 p.m., 12 views

CVE-2026-48793

Jellyfin is affected by CVE-2026-48793 prior to version 10.11.10. The issue arises in the subtitle conversion path where SubtitleEncoder.ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without normalizing the path, allowing injection of arbi...

CVSS 8.8 | AI score 6.1 | EPSS 0.00357
Exploits 0 | References 1

Positive Technologies
added 2026/06/24 12:0 a.m., 5 views

PT-2026-52059

Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.11.10. Description: An argument injection issue exists in the subtitle conversion process. The function ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without...

CVSS 8.8 | AI score 5.9 | EPSS 0.00357
Exploits 0 | References 5

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in gst-plugins-bad1.0

GStreamer SRT File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack...

CVSS 8.8 | AI score 7.7 | EPSS 0.01451
Exploits 0 | References 2

AstraLinux
added 2026/06/19 11:10 a.m., 11 views

Astra Linux – Vulnerability in gst-plugins-base1.0

GStreamer PGS File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack...

CVSS 8.8 | AI score 7.7 | EPSS 0.01812
Exploits 0 | References 2

NVD
added 2026/06/17 1:20 p.m., 6 views

CVE-2026-48055

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction,...

CVSS 10 | EPSS 0.00621
Exploits 0 | References 2