Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/18 12:1 a.m.11 views

CVE-2026-40348

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...

7.7CVSS5.8AI score0.00379EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.12 views

PT-2026-33540

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...

7.7CVSS5.8AI score0.00379EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/27 7:29 p.m.2 views

CVE-2026-27707 Plex-configured Seerr instances vulnerable to unauthenticated account registration via Jellyfin authentication endpoint

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and prior to version 3.1.0, an authentication guard logic flaw in POST /api/v1/auth/jellyfin allows an unauthenticated attacker to register a new Seerr account on any Plex-configure...

7.3CVSS5.9AI score0.00506EPSS
Exploits1References3
CVE
CVE
added 2026/02/27 7:29 p.m.16 views

CVE-2026-27707

Seerr (open‑source media request/discovery manager for Jellyfin, Plex, Emby) contains two related vulnerabilities tracked as CVE-2026-27707 and CVE-2026-27793. For versions 2.0.0 up to before 3.1.0, an authentication guard flaw in POST /api/v1/auth/jellyfin can allow an unauthenticated attacker t...

9.8CVSS5.9AI score0.00506EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/27 7:29 p.m.6 views

CVE-2026-27707 Plex-configured Seerr instances vulnerable to unauthenticated account registration via Jellyfin authentication endpoint

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and prior to version 3.1.0, an authentication guard logic flaw in POST /api/v1/auth/jellyfin allows an unauthenticated attacker to register a new Seerr account on any Plex-configure...

7.3CVSS5.9AI score0.00506EPSS
Exploits1References5
Rows per page
Query Builder