Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (4 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-57156 2 Owntone, Owntone Project 2 Owntone-server, Owntone 2026-01-30 7.5 High
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).
CVE-2025-63647 2 Owntone, Owntone Project 2 Owntone-server, Owntone 2026-01-30 7.5 High
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server.
CVE-2025-63648 2 Owntone, Owntone Project 2 Owntone-server, Owntone 2026-01-30 7.5 High
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.
CVE-2021-38383 1 Owntone Project 1 Owntone 2024-11-21 9.8 Critical
OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.