Lucene search
K

151 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/06/26 7:32 p.m.8 views

Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more

Help shape the future of Metasploit Framework We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they function/are presented to users. We are currently accepting responses to our feedback form, which means that you can shape the future of...

10CVSS7.3AI score0.99301EPSS
Exploits69
Metasploit
Metasploit
added 2026/06/23 7:6 p.m.193 views

Audiobookshelf Unauthenticated API Authentication Bypass Scanner

This module detects Audiobookshelf servers affected by CVE-2025-25205, an unauthenticated authentication bypass. Affected versions 2.17.0 through 2.19.0 decide whether a GET request may skip authentication by testing an unanchored regular expression against the request's full original URL,...

8.2CVSS5.9AI score0.03999EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42885

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS5.5AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-42886

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...

4.9CVSS5.5AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42884

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with...

4.3CVSS5.5AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.8 views

CVE-2026-42888

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...

6.9CVSS5.8AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 9:19 p.m.17 views

CVE-2026-42888

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...

6.9CVSS0.00331EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.12 views

CVE-2026-42886

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely into memory using zip.entryData, with no limit on the decompressed size. The upload middleware als...

4.9CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.15 views

CVE-2026-42887

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS0.00207EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.23 views

CVE-2026-42883

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining...

6.5CVSS0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.14 views

CVE-2026-42885

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...

4.3CVSS0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.15 views

CVE-2026-42884

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking whether the requesting user has access to each collection's library. An authenticated user with...

4.3CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 8:16 p.m.25 views

CVE-2026-42888

CVE-2026-42888 describes a path traversal flaw in Audiobookshelf prior to version 2.32.2. The podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to constrain it within the intended library directory. This...

6.9CVSS5.8AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 8:16 p.m.50 views

CVE-2026-42888 Audiobookshelf: Path Traversal vulnerability in the audiobookshelf project

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...

6.9CVSS0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 8:16 p.m.11 views

CVE-2026-42888 Audiobookshelf: Path Traversal vulnerability in the audiobookshelf project

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...

6.9CVSS5.8AI score0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 8:16 p.m.9 views

EUVD-2026-29297

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without sufficient boundary validation to ensure it remains within the intended library directory. This...

6.9CVSS5.8AI score0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 7:55 p.m.11 views

CVE-2026-42887 Audiobookshelf: Stored Cross-Site Scripting in Login Page Custom Message

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS5.8AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 7:55 p.m.10 views

CVE-2026-42887

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS5.8AI score0.00207EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/11 7:55 p.m.16 views

EUVD-2026-29210

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS5.8AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 7:55 p.m.40 views

CVE-2026-42887 Audiobookshelf: Stored Cross-Site Scripting in Login Page Custom Message

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS0.00207EPSS
Exploits0References1
Rows per page
Query Builder