8 matches found
CVE-2026-10108
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...
CVE-2026-10108
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...
CVE-2026-10108 xiaomusic 0.5.7 Path Traversal via GET /music endpoint
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...
CVE-2026-10108 xiaomusic 0.5.7 Path Traversal via GET /music endpoint
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...
CVE-2026-10108
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...
EUVD-2026-33366
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...
CVE-2026-10108
The CVE-2026-10108 entry concerns xiaomusic v0.5.7, with an unauthenticated path traversal vulnerability in GET /music/{file_path:path}. An attacker can read arbitrary files outside the music directory by exploiting an incomplete path prefix check and a missing trailing separator in the compariso...
XiaoMusic Path Traversal Vulnerability
XiaoMusic is a music playback tool developed by Hanxi, allowing unlimited song listening through the XiaoAi speaker. Version 0.5.7 of XiaoMusic has a path traversal vulnerability. This vulnerability stems from the GET /music/filepath:path endpoint, where unauthorized path traversal is allowed,...