This page lists publicly disclosed CVE vulnerabilities affecting popcorn_time_project popcorn_time (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-37059 | Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious executables in Program Files (x86) or system root directories to be executed with SYSTEM-level permissions during service startup. | [email protected] | 8.5 | 0.13% | 2026-01-30 | 2026-06-16 |
| CVE-2022-25229 | Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands. | [email protected] | 5.4 | 0.53% | 2022-05-20 | 2026-06-17 |