Lucene search
+L

621 matches found

nvd
nvd
added 2025/11/06 10:15 p.m.9 views

CVE-2025-64178

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

8.9CVSS0.00289EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/06 9:46 p.m.12 views

CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

8.9CVSS0.00289EPSS
Exploits0References2
euvd
euvd
added 2025/11/06 9:46 p.m.5 views

EUVD-2025-37862

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

8.9CVSS6.2AI score0.00289EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/11/06 9:46 p.m.2 views

CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

8.9CVSS6.3AI score0.00289EPSS
Exploits0References2
osv
osv
added 2025/11/06 9:46 p.m.8 views

CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

8.9CVSS6.8AI score0.00289EPSS
Exploits0References4
cve
cve
added 2025/11/06 9:46 p.m.16 views

CVE-2025-64178

Jellysweep (the Jellyfin cleanup tool) has an input validation flaw in the /api/images/cache endpoint: an unvalidated url parameter is passed directly to the cache library, allowing the server to fetch arbitrary content. Affected versions are 0.12.1 and earlier; authenticated users only can trigg...

8.9CVSS6.3AI score0.00289EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/11/06 3:55 p.m.5 views

CVE-2025-62046 WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in CodexThemes TheGem Demo Import for WPBakery thegem-importer.This issue affects TheGem Demo Import for WPBakery: from n/a through = 5.10.5...

6.5CVSS6.6AI score0.00332EPSS
Exploits0References1
cve
cve
added 2025/11/06 3:55 p.m.20 views

CVE-2025-62046

CVE-2025-62046: WordPress TheGem Demo Import (for WPBakery) plugin up to version 5.10.5 has a Missing Authorization vulnerability that can lead to Arbitrary Content Deletion. Affected software: TheGem Demo Import (for WPBakery). Base CVSS v3.1 score: 6.5 (Medium). Connected sources confirm the is...

6.5CVSS6.6AI score0.00332EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/06 3:54 p.m.11 views

CVE-2025-58629 WordPress Miraculous theme < 2.0.9 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.0.9...

7.5CVSS0.00348EPSS
Exploits0References1
cve
cve
added 2025/11/06 3:54 p.m.9 views

CVE-2025-58629

CVE-2025-58629 affects the WordPress Miraculous theme prior to version 2.0.9, with a Missing Authorization vulnerability that enables exploitation of improperly configured access controls to perform arbitrary content deletion. Affected component is the Miraculous WordPress theme; root cause is mi...

7.5CVSS6.6AI score0.00348EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/11/06 12:0 a.m.7 views

Jellysweep 代码问题漏洞

Jellysweep is a smart cleanup tool for media servers by Jonah Personal Developer. A code issue vulnerability exists in Jellysweep 0.12.1 and prior versions, which stems from an unvalidated URL parameter in the /api/images/cache endpoint that could result in the download of arbitrary content...

8.9CVSS6.8AI score0.00289EPSS
Exploits0References2
osv
osv
added 2025/11/04 2:30 p.m.7 views

GHSA-XC93-Q32J-CPCG Jellysweep uses uncontrolled data in image cache API endpoint

Impact The /api/images/cache which is used to download media posters from the server accepted an url parameter, which was directly passed to the cache package and that downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...

8.9CVSS7AI score0.00289EPSS
Exploits0References4
github
github
added 2025/11/04 2:30 p.m.10 views

Jellysweep uses uncontrolled data in image cache API endpoint

Impact The /api/images/cache which is used to download media posters from the server accepted an url parameter, which was directly passed to the cache package and that downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...

8.9CVSS7AI score0.00289EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2025/11/04 12:0 a.m.15 views

PT-2025-45386

Name of the Vulnerable Software and Affected Versions Jellysweep versions 0.12.1 and below Description Jellysweep is a cleanup tool for the Jellyfin media server. The /api/images/cache API endpoint accepts a URL parameter that is directly passed to a cache package, allowing the server to download...

8.9CVSS6.5AI score0.00289EPSS
Exploits0References10
cve
cve
added 2025/10/22 2:32 p.m.10 views

CVE-2025-52757

CVE-2025-52757 affects the WordPress plugin Sumo Memberships for WooCommerce up to and including version 7.6.0. The issue is described as a Missing Authorization vulnerability caused by incorrectly configured access control, enabling unauthorized actions such as Arbitrary Content Deletion. The Re...

6.5CVSS5.9AI score0.00249EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/10/15 8:26 a.m.5 views

CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting

The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...

7.2CVSS4.6AI score0.00265EPSS
Exploits0References3
patchstack
patchstack
added 2025/10/12 9:11 a.m.8 views

WordPress MasterStudy LMS Pro plugin < 4.7.16 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin MasterStudy LMS Pro versions 4.7.16...

7.5CVSS7AI score0.003EPSS
Exploits0Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.18 views

EUVD-2006-6054

Malware in sbrugna...

9CVSS6.4AI score0.0215EPSS
Exploits1References6
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2011-0018

Malware in sbrugna...

7.5CVSS6AI score0.03171EPSS
Exploits0References23
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-25547

Malware in sbrugna...

6.1CVSS6.2AI score0.00978EPSS
Exploits0References2
Rows per page
Query Builder