The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provid...
Lyrion Music Server version 9.2.0 suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to...
Lyrion Music Server version 9.2.0 has advanced search parameters that are stuffed back into the page so the form keeps its values. Several free-tex...
Lyrion Music Server version 9.2.0 exposes a readdirectory query through both its CLI service TCP port 9090 and its HTTP JSON-RPC endpoint /jsonrpc....
Lyrion Music Server version 9.2.0 stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders...
Lyrion Music Server version 9.2.0 suffers from an unauthenticated reflected cross site scripting vulnerability through server.log endpoint abusing ...
Craft CMS versions 5.9.5 and below suffer from a missing authorization vulnerability that can trigger an unwanted migration...
WordPress Contest Gallery plugin versions 28.1.4 and below suffer from a remote SQL injection vulnerability...
WordPress ARMember Premium plugin versions 7.3.1 and below suffer from an insecure password reset mechanism that allows for administrative account ...
This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to re...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.
