Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/14 11:11 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the /SyncPlay/New endpoint. An attacker can exhaust system memory and disrupt service availability by submitting excessively large SyncPlay group names in POST requests to the...

7.1CVSS5.8AI score0.0026EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:9 p.m.3 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path in the POST /Videos/itemId/Subtitles endpoint due to insufficient validation of the Format field, which allows path traversal via the file extension and enables arbitrary file write. An attacker can...

9.9CVSS5.9AI score0.00753EPSS
Exploits1References3
Snyk
Snyk
added 2025/04/15 9:43 p.m.3 views

Argument Injection

Overview Affected versions of this package are vulnerable to Argument Injection via the FFmpeg codec. An attacker in possession of a valid itemId can execute arbitrary code by injecting unsanitized parameters at the /Videos//stream or /Videos//stream. endpoints. Remediation Upgrade...

8.8CVSS8AI score0.00616EPSS
Exploits0References2
Snyk
Snyk
added 2023/12/13 9:43 p.m.5 views

Remote Code Execution (RCE)

Overview Affected versions of this package are vulnerable to Remote Code Execution RCE via the ValidateVersion function. An attacker with administrative access can set up a network share and supply a UNC path to the /System/MediaEncoder/Path endpoint, which points to an executable on the network...

7.2CVSS7.4AI score0.01196EPSS
Exploits1References2
Rows per page
Query Builder