2508 matches found
CVE-2026-37281
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...
CVE-2026-37281
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...
zenshin 安全漏洞
Zenshin is an animation list management and media streaming tool developed by Hitarth. Versions of Zenshin prior to 2.7.0 contained security vulnerabilities. These vulnerabilities stemmed from OS command injection in the /stream-to-vlc Express route, which could allow remote attackers to execute...
EUVD-2026-30950
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...
CVE-2026-37281
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...
CVE-2026-37281
CVE-2026-37281 affects hitarth-gg Zenshin before 2.7.0. An OS command injection exists in the /stream-to-vlc Express route, allowing remote execution via the url parameter. Impact is critical (CVSS 3.1: 9.8). Remediation: upgrade to version 2.7.0 or later. Exploitation status is not provided in t...
CVE-2026-37281
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...
CVE-2026-37281
An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter...
PT-2026-41946
Name of the Vulnerable Software and Affected Versions hitarth-gg Zenshin versions prior to 2.7.0 Description An OS command injection flaw exists in the '/stream-to-vlc' Express route. This allows remote attackers to execute arbitrary commands on the host operating system by manipulating the url...
Astra Linux – Vulnerability in vlc
Videolan VLC prior to version 3.0.20 contains an incorrect offset read, which leads to a Heap-Based Buffer Overflow in the GetPacket function and results in memory corruption...
Fedora 45 : live555 / vlc (2026-56c8fe41c8)
The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-56c8fe41c8 advisory. Latest upstream release. Adds protection against the use of a 'stolen' authenticated RTSP session id to send RTSP server's PLAY, PAUSE, TEARDOWN, and...
Debian: Security Advisory (DLA-4507-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4507-1] vlc security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4507-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 23, 2026 https://wiki.debian.org/LTS -...
Debian dla-4507 : libvlc-bin - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4507 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4507-1 [email protected] https://www.debian.org/lts/security/...
Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the...
CVE-2026-26228
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26227
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...
EUVD-2026-8871
VideoLAN VLC for Android prior to version 3.7.0 contain an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockout...
EUVD-2026-8858
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...
CVE-2026-26227
VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password OTP verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockou...