CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2026-33482 – AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()
https://notcve.org/view.php?id=CVE-2026-33482
23 Mar 2026 — In versions up to and including 26.0, the `sanitizeFFmpegCommand()` function in `plugin/API/standAlone/functions.php` is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters (`&&`, `;`, `|`, `` ` ``, `<`, `>`). ... En versiones hasta la 26.0 inclusive, la función 'sanitizeFFmpegCommand()' en 'plugin/API/standAlone/functions.php' está diseñada para prevenir la inyección de comandos del sistema operativo en comandos ffmpeg eliminando metacaracte... • https://github.com/WWBN/AVideo/commit/25c8ab90269e3a01fb4cf205b40a373487f022e1 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 1CVE-2026-3682 – welovemedia FFmate ffmpeg.go Execute argument injection
https://notcve.org/view.php?id=CVE-2026-3682
07 Mar 2026 — This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. ... Esta vulnerabilidad afecta a la función Execute del archivo /internal/service/ffmpeg/ffmpeg.go. • https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-50790 – SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure
https://notcve.org/view.php?id=CVE-2022-50790
30 Dec 2025 — SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated vulnerability that allows remote attackers to access live radio stream information through webplay or ffmpeg scripts. • https://exchange.xforce.ibmcloud.com/vulnerabilities/247923 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 1CVE-2018-25139 – FLIR AX8 Thermal Camera 1.32.16 Unauthenticated RTSP Stream Disclosure
https://notcve.org/view.php?id=CVE-2018-25139
24 Dec 2025 — Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage. • https://www.exploit-db.com/exploits/45606 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 3CVE-2023-53981 – PhotoShow 3.0 Remote Code Execution via Exiftran Path Injection
https://notcve.org/view.php?id=CVE-2023-53981
22 Dec 2025 — Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a crafted video upload process. • https://github.com/thibaud-rohmer/PhotoShow • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-58286 – dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path
https://notcve.org/view.php?id=CVE-2024-58286
11 Dec 2025 — dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. • https://www.vulncheck.com/advisories/dizquetv-remote-code-execution-via-ffmpeg-executable-path • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57611
https://notcve.org/view.php?id=CVE-2025-57611
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57612
https://notcve.org/view.php?id=CVE-2025-57612
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57613
https://notcve.org/view.php?id=CVE-2025-57613
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57614
https://notcve.org/view.php?id=CVE-2025-57614
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or potentially execute arbitrary code. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-400: Uncontrolled Resource Consumption •