Lucene search
+L

299 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-28853

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting XSS vulnerability in ampache before v6.3.1 allows a remot...

5.9CVSS5.9AI score0.00551EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:41 a.m.7 views

CVE-2024-47828

ampache is a web based audio/video streaming application and file manager. A CSRF attack can be performed in order to delete objects Playlist, smartlist etc.. Cross-Site Request Forgery CSRF is an attack that forces authenticated users to submit a request to a Web application against which they a...

6.5CVSS7AI score0.00296EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 10:36 a.m.9 views

CVE-2024-47184

Ampache is a web based audio/video streaming application and file manager. Prior to version 6.6.0, the Democratic Playlist Name is vulnerable to a stored cross-site scripting. Version 6.6.0 fixes this issue...

6.1CVSS6.2AI score0.00519EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 10:3 a.m.8 views

CVE-2024-28853

Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting XSS vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to serval parameters in the post request of...

5.9CVSS5.9AI score0.00551EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:3 a.m.8 views

CVE-2024-28852

Ampache is a web based audio/video streaming application and file manager. Ampache has multiple reflective XSS vulnerabilities,this means that all forms in the Ampache that use rule as a variable are not secure. For example, when querying a song, when querying a podcast, we need to use $rule...

6.1CVSS5.9AI score0.00516EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:5 a.m.10 views

CVE-2024-51485

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...

8.1CVSS8AI score0.00323EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:4 a.m.9 views

CVE-2024-51487

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...

8.1CVSS8AI score0.00323EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:4 a.m.6 views

CVE-2024-51484

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to...

8.1CVSS8AI score0.00323EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 8:3 a.m.8 views

CVE-2024-51486

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...

8.4CVSS8.3AI score0.00484EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.14 views

CVE-2024-51489

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messag...

5.4CVSS6.8AI score0.00272EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.7 views

CVE-2024-51490

Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. Thi...

9CVSS9.1AI score0.00499EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:27 a.m.11 views

CVE-2024-51488

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any...

5.4CVSS5.4AI score0.00266EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.8 views

CVE-2023-0771

SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop...

8.8CVSS7.8AI score0.00746EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.7 views

CVE-2023-0606

Cross-site Scripting XSS - Reflected in GitHub repository ampache/ampache prior to 5.5.7...

9.3CVSS8.3AI score0.00639EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:23 a.m.7 views

CVE-2022-4665

Unrestricted Upload of File with Dangerous Type in GitHub repository ampache/ampache prior to 5.5.6...

8.8CVSS6.8AI score0.00758EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 p.m.10 views

CVE-2021-32644

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. Th...

6.4CVSS7.3AI score0.00843EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:10 p.m.6 views

CVE-2021-21399

Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and...

9.1CVSS7AI score0.01438EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/07 1:34 a.m.6 views

CVE-2024-51144

Cross Site Request Forgery CSRF vulnerability exists in the 'pvmsg.php?action=addmessage', pvmsg.php?action=confirmdelete , and ajax.server.php?page=user=flipfollow endpoints in Ampache = 6.6.0...

8.8CVSS7.3AI score0.00436EPSS
Exploits0References1
OSV
OSV
added 2025/03/05 8:16 p.m.7 views

CVE-2024-51144

Cross Site Request Forgery CSRF vulnerability exists in the 'pvmsg.php?action=addmessage', pvmsg.php?action=confirmdelete , and ajax.server.php?page=user&action=flipfollow endpoints in Ampache = 6.6.0...

8.8CVSS5.8AI score0.00436EPSS
Exploits0References3
NVD
NVD
added 2025/03/05 8:16 p.m.10 views

CVE-2024-51144

Cross Site Request Forgery CSRF vulnerability exists in the 'pvmsg.php?action=addmessage', pvmsg.php?action=confirmdelete , and ajax.server.php?page=user&action=flipfollow endpoints in Ampache = 6.6.0...

8.8CVSS0.00436EPSS
Exploits0References3
Rows per page
Query Builder