An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c...
7CVSS
7.1AI Score
0.001EPSS
A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist...
7.8CVSS
7.4AI Score
0.012EPSS
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options...
9.8CVSS
9.7AI Score
0.063EPSS
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file=...
8.8CVSS
8.6AI Score
0.026EPSS