VYPR

Wavesurfer

by Heimdal

CVEs (2)

  • CVE-2026-1909MedFeb 6, 2026
    risk 0.42cvss 6.4epss 0.00

    The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on the 'src' attribute. This makes it possible for…

  • CVE-2012-6303Oct 28, 2013
    risk 0.04cvss epss 0.10

    Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.