17 matches found
CVE-2026-26069
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
CVE-2026-26069
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
CVE-2026-26069
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
CVE-2026-26069
Scraparr (Prometheus Exporter) prior to 3.0.2 is affected when Readarr integration is enabled and the exporter’s /metrics is exposed to outsiders. The Readarr API key could be exposed as the alias metric label value, under conditions: Readarr scraping enabled, no alias configured, /metrics public...
CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
CVE-2026-26069 Scraparr Readarr Integration exposes sensitive values as metric labels.
Scraparr is a Prometheus Exporter for various components of the arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API key as the alias metric label value. Users were affected only if all of the following conditions ar...
PT-2026-7910
Name of the Vulnerable Software and Affected Versions Scraparr versions 3.0.0-beta through 3.0.1 Description Scraparr, a Prometheus Exporter for the arr Suite, disclosed Readarr API keys when the Readarr integration was enabled. This occurred because the exporter exposed the configured Readarr AP...
Scraparr 信息泄露漏洞
Scraparr is a Prometheus exporter for arr suites Sonarr, Radarr, Lidarr, etc. developed by TheCfU organization. Versions of Scraparr from 3.0.0-beta to 3.0.2 contained an information leakage vulnerability. This vulnerability occurred when the Readarr integration was enabled, as the exporter expos...
EUVD-2025-25908
Malicious code in bioql PyPI...
CVE-2025-50983
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...
CVE-2025-50983
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...
CVE-2025-50983
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...
readarr 安全漏洞
Readarr is an open source eBook library management system from Readarr. A security vulnerability exists in readarr version 0.4.15.2787, which stems from improper cleanup of the sortKey parameter in the GET /api/v1/wanted/cutoff API endpoint, which could lead to an SQL injection attack...
CVE-2025-50983
Readarr 0.4.15.2787 exposes a SQL Injection in the sortKey parameter of GET /api/v1/wanted/cutoff. The endpoint fails to sanitize user input, enabling arbitrary SQL execution against the backend SQLite DB. Exploitation was confirmed with sqlmap via stacked queries; a heavy query using SQLite RAND...
PT-2025-34877 · Readarr · Readarr
Name of the Vulnerable Software and Affected Versions: readarr version 0.4.15.2787 Description: A SQL Injection issue exists in readarr that allows attackers to inject and execute arbitrary SQL commands against the backend SQLite database. The /api/v1/wanted/cutoff API endpoint does not properly...
CVE-2025-50983
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...