2 matches found
SUSE CVE-2026-25578
Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. This issue has been patched i...
CVE-2026-25578
creationtimestamp| type| source ---|---|--- 2026-02-03 21:34:58+00:00| published-proof-of-concept| https://github.com/navidrome/navidrome/security/advisories/GHSA-rh3r-8pxm-hg4w...