591 matches found

EUVD
added 3 days ago, 5 views

EUVD-2026-41060

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

CVSS 9.8, AI score 5.8, EPSS 0.00373
Exploits: 0, References: 2
NVD
added 2026/06/24 7:17 p.m., 9 views

CVE-2026-49246

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted and passes it...

CVSS 6.3, EPSS 0.00258
Exploits: 0, References: 1
Snyk
added 2026/06/24 7:15 p.m., 6 views

Arbitrary Argument Injection

Overview: Jellyfin.Common is a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the SubtitleEncoder.ConvertTextSubtitleToSrtInternal process. An attacker can achieve...

CVSS 8.8, AI score 6, EPSS 0.00357
Exploits: 0, References: 2
Cvelist
added 2026/06/24 6:22 p.m., 35 views

CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg...

CVSS 8.8, EPSS 0.00357
Exploits: 0, References: 1
CVE
added 2026/06/24 6:22 p.m., 13 views

CVE-2026-48793

Jellyfin is affected by CVE-2026-48793 prior to version 10.11.10. The issue arises in the subtitle conversion path where SubtitleEncoder.ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without normalizing the path, allowing injection of arbi...

CVSS 8.8, AI score 6.1, EPSS 0.00357
Exploits: 0, References: 1
Positive Technologies
added 2026/06/24 12:00 a.m., 8 views

PT-2026-52066

Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.11.10. Description: Missing path sanitization during playback allows the use of a specially crafted MKV file with forged filename tags to redirect attachment extraction to any absolute path on the disk. This occurs...

CVSS 6.3, AI score 5.8, EPSS 0.00258
Exploits: 0, References: 4
Positive Technologies
added 2026/06/24 12:00 a.m., 5 views

PT-2026-52059

Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.11.10. Description: An argument injection issue exists in the subtitle conversion process. The function ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without...

CVSS 8.8, AI score 5.9, EPSS 0.00357
Exploits: 0, References: 5
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in gst-plugins-bad1.0

GStreamer SRT File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack...

CVSS 8.8, AI score 7.7, EPSS 0.01451
Exploits: 0, References: 2
NVD
added 2026/06/17 1:20 p.m., 6 views

CVE-2026-48055

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction,...

CVSS 10, EPSS 0.00621
Exploits: 0, References: 2
Cvelist
added 2026/06/16 9:17 p.m., 16 views

CVE-2026-48055 Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction,...

CVSS 10, EPSS 0.00621
Exploits: 0, References: 2
CVE
added 2026/06/16 9:17 p.m., 14 views

CVE-2026-48055

Streambert (Electron-based desktop app) has a Zip Slip vulnerability in its subtitle extraction logic affecting versions up to 2.4.0. The code concatenates raw archive entry names to a temporary directory, enabling path traversal and arbitrary file writes if a malicious ZIP with traversal sequenc...

CVSS 10, AI score 5.4, EPSS 0.00621
Exploits: 0, References: 2
Positive Technologies
added 2026/06/16 12:00 a.m., 17 views

PT-2026-50120

Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's subtitle extraction logic. The application does not sanitize archive entry filenames during extraction,...

CVSS 10, AI score 5.5, EPSS 0.00621
Exploits: 0, References: 3
NVD
added 2026/06/12 12:16 a.m., 12 views

CVE-2026-49482

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...

CVSS 4.3, EPSS 0.00169
Exploits: 0, References: 1
NVD
added 2026/06/11 11:16 p.m., 21 views

CVE-2026-47238

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 133, a normal authenticated user can edit another user's video subtitles because of a lack of authorization. They can upload subtitles, edit their name or delete them. This issue has been patched in version 5.5.3 - 1...

CVSS 6.5, EPSS 0.002
Exploits: 0, References: 1
NVD
added 2026/06/11 11:16 p.m., 11 views

CVE-2026-45418

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST /actions/subtitleedit.php request used to change their title...

CVSS 8.8, EPSS 0.00307
Exploits: 0, References: 1
CVE
added 2026/06/11 10:55 p.m., 19 views

CVE-2026-49482

CVE-2026-49482 affects ClipBucket v5, where the subtitle editing endpoint improperly neutralizes SQL wildcard characters. An authenticated user could supply a '%' in the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request. This is mitigated by the patc...

CVSS 4.3, AI score 5.5, EPSS 0.00169
Exploits: 0, References: 1
Vulnrichment
added 2026/06/11 10:55 p.m., 9 views

CVE-2026-49482 ClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle Overwrite

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...

CVSS 4.3, AI score 5.5, EPSS 0.00169
Exploits: 0, References: 1
Cvelist
added 2026/06/11 10:55 p.m., 31 views

CVE-2026-49482 ClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle Overwrite

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...

CVSS 4.3, EPSS 0.00169
Exploits: 0, References: 1
EUVD
added 2026/06/11 10:55 p.m., 11 views

EUVD-2026-36370

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle title...

CVSS 4.3, AI score 5.5, EPSS 0.00169
Exploits: 0, References: 1
EUVD
added 2026/06/11 10:48 p.m., 11 views

EUVD-2026-36366

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 132, any authenticated user who can upload videos can add multiple subtitles from different files and change their title (English, Spanish...). The POST /actions/subtitleedit.php request used to change their title...

CVSS 8.8, AI score 5.5, EPSS 0.00307
Exploits: 0, References: 1