For VLC there are a bunch of out of bound reads and heap buffer overflows.
f2b1f9e subtitle: Fix potential heap buffer overflow
611398f subtitle: Fix potential heap buffer overflow
ecd3173 subsdec: Fix potential out of bound read
62be394 subsdec: Fix potential out of bound read
775de71 subtitle: Fix invalid double increment.
The Kodi issue was a zip archive path traversal (i.e. no protection against zip files extracting files to parent directories).
The fact that it's multiple, independent vulnerabilities makes me feel a little better. I've used Kodi and OpenSubtitles before while watching a movie to search and download subs for the movie without ever leaving Kodi. When it works, it's nothing short of magical.
Yes, those are very different issues.
From what I understood, one is an XSS (popcorn-time), one is a heap-based buffer overflow (VLC), and one is a zip-traversal (Kodi).
And tbh, I don't see how you can exploit the bug for VLC (with ASLR and HEASLR).
So it becomes a game of luck getting some users exploited.
Also, you've posted many uncivil and/or unsubstantive comments. We ban accounts for that too, so please don't do that either.