CVE-2026-31804

creationtimestamp| type| source ---|---|--- 2026-03-30 20:55:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mickcgysod22...

CVE-2026-31804 Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pmsimageproxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the scheme...

CVE-2026-31804

CVE-2026-31804 affects Tautulli (Python-based Plex monitor) before version 2.17.0. The vulnerable /pms_image_proxy endpoint accepts a user-controlled img parameter and forwards it to Plex Media Server’s /photo/:/ transcode transcoder without authentication or host/scheme restrictions. Because web...

CVE-2022-31804

creationtimestamp| type| source ---|---|--- 2025-07-01 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-182-03...

CVE-2023-31804

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters...

CVE-2025-31804

creationtimestamp| type| source ---|---|--- 2025-04-01 20:33:35+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10013...

CVE-2025-31804 WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

CVE-2025-31804 WordPress Follow Us Badges plugin <= 3.1.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in DraftPress Team Follow Us Badges wpsite-follow-us-badges allows Stored XSS.This issue affects Follow Us Badges: from n/a through = 3.1.11...

CVE-2024-31804

creationtimestamp| type| source ---|---|--- 2024-04-24 20:49:03+00:00| seen| https://t.me/arpsyndicate/4815...

Terratec dmx_6fire USB - Unquoted Service Path Vulnerability

Exploit Title: Terratec dmx6fire USB - Unquoted Service Path Google Dork: null Exploit Author: Joseph Kwabena Fiagbor Vendor Homepage: https://dmx-6fire-24-96-controlpanel.software.informer.com/download/ Software Link: Version: v.1.23.0.02 Tested on: windows 7-11 CVE : CVE-2024-31804 1...

Terratec dmx_6fire USB 1.23.0.02 Unquoted Service Path

Exploit Title: Terratec dmx6fire USB - Unquoted Service Path Google Dork: null Date: 4/10/2024 Exploit Author: Joseph Kwabena Fiagbor Vendor Homepage: https://dmx-6fire-24-96-controlpanel.software.informer.com/download/ Software Link: Version: v.1.23.0.02 Tested on: windows 7-11 CVE :...

CVE-2023-31804

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters...

CVE-2023-31804

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters...

CVE-2023-31804

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters...

CVE-2023-31804

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters...

CVE-2023-31804

CVE-2023-31804 affects Chamilo Lms 1.11.18. The issue is a Cross Site Scripting vulnerability in the course category parameters, enabling a local attacker to execute arbitrary code (per the CVE description). The available sources consistently identify Chamilo LMS v1.11.18 as vulnerable; no explic...

Critical Security Flaws Identified in CODESYS ICS Automation Software

CODESYS has released patches to address as many as 11 security flaws that, if successfully exploited, could result in information disclosure and a denial-of-service DoS condition, among others. "These vulnerabilities are simple to exploit, and they can be successfully exploited to cause...

CVE-2022-31804

The CVE-2022-31804 vulnerability affects the CODESYS Gateway Server V2 (prior to version 2.3.9.38). It does not verify that the size of a request is within expected limits, allowing an unauthenticated attacker to allocate memory arbitrarily, potentially causing the gateway to crash due to an out-...

DEBIAN-CVE-2021-31804

LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document...

CVE-2021-31804

LeoCAD before 21.03 contains a use-after-free vulnerability when opening a new document. The connected sources (Red Hat, Debian/OSV, NVD/NIST, OSV, etc.) confirm this description; no additional technical details, affected versions beyond the 21.03 cutoff, exploit specifics, or remediation steps a...