ArcherSec

10 exploits Active since Jan 2026
CVE-2026-26828 WRITEUP HIGH WRITEUP
OwnTone Server - NULL Pointer Dereference
A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server
CVSS 7.5
CVE-2026-26829 WRITEUP HIGH WRITEUP
owntone-server through c4d57aa - Denial of Service via NULL Pointer Dereference in safe_atou64
A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of crafted HTTP requests to the server.
CVSS 7.5
CVE-2026-26829 WRITEUP HIGH WORKING POC
owntone-server through c4d57aa - Denial of Service via NULL Pointer Dereference in safe_atou64
A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of crafted HTTP requests to the server.
CVSS 7.5
CVE-2025-57155 WRITEUP HIGH WRITEUP
owntone_server < 28.2 - Denial of Service via NULL Pointer Dereference in daap_reply_groups
NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service.
CVSS 7.5
CVE-2025-57156 WRITEUP HIGH WRITEUP
owntone_server < 28.12 - Denial of Service via dacp_reply_playqueueedit_clear NULL Pointer Dereference
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).
CVSS 7.5
CVE-2025-63647 WRITEUP HIGH WRITEUP
owntone-server <commit 334beb - DoS
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server.
CVSS 7.5
CVE-2025-63647 WRITEUP HIGH WORKING POC
owntone-server <commit 334beb - DoS
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server.
CVSS 7.5
CVE-2025-63648 WRITEUP HIGH WRITEUP
owntone_server < 29.0 - Denial of Service via DACP Request
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.
CVSS 7.5
CVE-2025-63649 WRITEUP HIGH WRITEUP
monkey < 1.8.5 - Denial of Service via Chunked Transfer-Encoding HTTP Parser
An out-of-bounds read in the http_parser_transfer_encoding_chunked function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the server.
CVSS 7.5
CVE-2025-63653 WRITEUP HIGH WRITEUP
monkey < 1.8.5 - Denial of Service via Out-of-bounds Read in mk_vhost_fdt_close
An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
CVSS 7.5