Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/26 7:23 p.m.19 views

CVE-2025-27112

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS7.1AI score0.00936EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/02/24 7:15 p.m.5 views

CVE-2025-27112

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS7.2AI score0.00936EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/02/24 6:37 p.m.22 views

CVE-2025-27112 Navidrome has authentication bypass in Subsonic API with non-existent username

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS6.9AI score0.00936EPSS
Exploits1References2
Circl
Circl
added 2025/02/22 5:14 p.m.64 views

CVE-2025-27112

creationtimestamp| type| source ---|---|--- 2025-02-22 17:14:30+00:00| published-proof-of-concept| https://github.com/navidrome/navidrome/security/advisories/GHSA-c3p4-vm8f-386p 2025-02-24 19:22:21+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5207 2025-02-24...

6.9CVSS5.8AI score0.00936EPSS
In wildExploits1References11
Rows per page
Query Builder