8 matches found
CVE-2026-16224
A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the pat...
CVE-2026-16224
The CVE-2026-16224 entry concerns jxxghp MoviePilot (up to version 2.13.5) with the vulnerability located in the /jxxghp/MoviePilot file inside the Application API component. The issue arises from an improper authorization in an unknown function, enabling remote exploitation. A patch is available...
EUVD-2026-45434
A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the pat...
CVE-2026-11416
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...
EUVD-2026-34920
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...
CVE-2026-11416 MoviePilot Path Traversal via Cloud Storage Download Handlers
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...
CVE-2026-10107
MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resourcetoken cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal network protection...
PT-2026-47060
MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata without basename...