Lucene search
+L

8 matches found

ATTACKERKB
ATTACKERKB
added 7 hours ago4 views

CVE-2026-16224

A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the pat...

5.3CVSS4.7AI score
Exploits0References8Affected Software1
CVE
CVE
added 7 hours ago7 views

CVE-2026-16224

The CVE-2026-16224 entry concerns jxxghp MoviePilot (up to version 2.13.5) with the vulnerability located in the /jxxghp/MoviePilot file inside the Application API component. The issue arises from an improper authorization in an unknown function, enabling remote exploitation. A patch is available...

5.3CVSS4.7AI score
Exploits0References7
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-45434

A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the pat...

5.3CVSS4.7AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.18 views

CVE-2026-11416

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS5.6AI score0.00469EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 12:31 a.m.10 views

EUVD-2026-34920

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS5.6AI score0.00469EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 9:42 p.m.3 views

CVE-2026-11416 MoviePilot Path Traversal via Cloud Storage Download Handlers

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

7.2CVSS6.1AI score0.00469EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.12 views

CVE-2026-10107

MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resourcetoken cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protection...

7.7CVSS5.6AI score0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-47060

MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...

8.1CVSS5.6AI score0.00469EPSS
Exploits0References4
Rows per page
Query Builder