CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

Bazarr < 1.4.3 - Arbitrary File Read

Bazarr 1.4.3 and earlier versions have a arbitrary file read vulnerability. id: CVE-2024-40348 info: name: Bazarr Bazarr" - 'content="Bazarr' - "window.Bazarr" condition: or internal: true - method: GET path: - "BaseURL/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/pass...

8.2CVSS7.4AI score0.93379EPSS

Exploits2References3

RedhatCVE•added 2026/01/09 9:29 a.m.•2 views

CVE-2023-50266

Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get without any sanitization, which leads to a blind server-side request forgery SSRF. This issue allo...

5.3CVSS6.6AI score0.00154EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:59 a.m.•8 views

CVE-2023-50265

Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the sendfile function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1...

7.5CVSS6.7AI score0.00216EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-55076

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00344EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-55077

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00216EPSS

Exploits1References3

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-55078

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00154EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 4:29 a.m.•5 views

CVE-2023-50264

Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the sendfile function, which leads to an arbitrary file read on the system...

7.5CVSS6.7AI score0.00344EPSS

Exploits1

CNVD•added 2024/07/23 12:0 a.m.•19 views

Bazarr Arbitrary File Read Vulnerability

Bazarr is a companion app to Sonarr and Radarr that manages and downloads subtitles to your specifications. Bazarr suffers from an arbitrary file read vulnerability due to an issue in component /api/swaggerui/static in Bazaar v1.4.3 that allows an unauthenticated attacker to perform directory...

8.2CVSS6.7AI score0.93379EPSS

Exploits2References1

CNNVD•added 2024/07/20 12:0 a.m.•4 views

Bazarr 安全漏洞

8.2CVSS7AI score0.93379EPSS

Exploits2References2

NVD•added 2023/12/15 9:15 p.m.•11 views

CVE-2023-50266

5.3CVSS0.00154EPSS

Exploits0References3

NVD•added 2023/12/15 9:15 p.m.•14 views

CVE-2023-50265

7.5CVSS0.00216EPSS

Exploits1References3

NVD•added 2023/12/15 9:15 p.m.•16 views

CVE-2023-50264

7.5CVSS0.00344EPSS

Exploits1References3

Prion•added 2023/12/15 9:15 p.m.•14 views

Design/Logic Flaw

5CVSS6.9AI score0.00344EPSS

Exploits1References3Affected Software1

Prion•added 2023/12/15 9:15 p.m.•19 views

Design/Logic Flaw

5CVSS6.9AI score0.00216EPSS

Exploits1References3Affected Software1

Prion•added 2023/12/15 9:15 p.m.•9 views

Server side request forgery (ssrf)

5CVSS7AI score0.00154EPSS

Exploits0References3Affected Software1

Cvelist•added 2023/12/15 8:42 p.m.•11 views

CVE-2023-50266 Bazarr Blind Server-Side Request Forgery (SSRF) in the /test/<protocol>/ endpoint

5.3CVSS5.4AI score0.00154EPSS

Exploits0References3

CVE•added 2023/12/15 8:42 p.m.•26 views

CVE-2023-50266

Bazarr (versions up to 1.2.4) contains an SSRF in the proxy endpoint implemented in bazarr/bazarr/app/ui.py, where user-controlled protocol and URL values are passed directly to requests.get() without sanitization. This allows crafting GET requests to internal or external resources on behalf of t...

5.3CVSS5.2AI score0.00154EPSS

Exploits0References3Affected Software1