
8 matches found

Cvelist
added 2026/03/30 7:42 p.m., 20 views

CVE-2026-31804 Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server

Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/transcode transcoder without authentication and without restricting the scheme...

CVSS 4, EPSS 0.00058
Exploits: 1, References: 2
GithubExploit
added 2026/01/01 12:39 a.m., 168 views

Exploit for Cross-Site Request Forgery (CSRF) in Tautulli

Tautulli v2.1.9 - Shutdown Denial of Service Tautulli version...

CVSS 6.5, AI score 7, EPSS 0.56759
Exploits: 9
CVE
added 2025/09/09 8:13 p.m., 17 views

CVE-2025-58763

Tautulli (Python-based Plex monitoring) has a command-injection vulnerability affecting v2.15.3 and earlier. The flaw arises when cloning from GitHub and installing manually, where the update/version logic calls runGit via subprocess.Popen with shell=True. The checkout_git_branch path stores un s...

CVSS 8, AI score 8.2, EPSS 0.00867
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2025/09/09 8:8 p.m., 4 views

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pms_image_proxy endpoint to write arbitrary Python scripts into the application filesystem. This leads to remote code execution when...

CVSS 9.1, AI score 7.5, EPSS 0.01393
Exploits: 1, References: 2
Cvelist
added 2025/09/09 8:8 p.m., 9 views

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pms_image_proxy endpoint to write arbitrary Python scripts into the application filesystem. This leads to remote code execution when...

CVSS 9.1, EPSS 0.01393
Exploits: 1, References: 2
Positive Technologies
added 2025/09/09 12:0 a.m., 4 views

PT-2025-36569

Name of the Vulnerable Software and Affected Versions: Tautulli versions prior to 2.16.0 Description: Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. An attacker with administrative access can exploit the pms image proxy endpoint to write arbitrary Python scripts in...

CVSS 9.1, AI score 7.9, EPSS 0.01393
Exploits: 1, References: 6
RedhatCVE
added 2025/05/22 5:55 a.m., 5 views

CVE-2019-19833

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. Also, anonymous access can be achieved in applications that do not have a user login area...

CVSS 6.5, AI score 6.8, EPSS 0.56759
Exploits: 9, References: 1
PyPA
added 2019/02/19 4:29 p.m., 5 views

PYSEC-2019-255

data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page...

CVSS 6.1, AI score 6.1, EPSS 0.00234
Exploits: 2, References: 5, Affected Software: 1