
13 matches found

EUVD
added 6 days ago · 11 views

EUVD-2026-38067

Subsonic API: any authenticated user can delete or read any other user's playlist IDOR...

7.1 CVSS · 5.8 AI score · 0.00168 EPSS
Exploits 0 · References 3
CVE
added 2026/06/19 7:8 p.m. · 20 views

CVE-2026-49338

The CVE covers gonic, a Subsonic-compatible music server. Before 0.21.0, Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view allowed any authenticated user to delete or read any other user’s private playlist due to missing per-resource authorization. The playlist ID is bas...

7.1 CVSS · 5.9 AI score · 0.00168 EPSS
Exploits 0 · References 2
Cvelist
added 2026/06/19 7:8 p.m. · 18 views

CVE-2026-49338 Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user (admin or not), an attacker can delete...

7.1 CVSS · 0.00168 EPSS
Exploits 0 · References 2
Cvelist
added 2026/06/19 6:23 p.m. · 18 views

CVE-2026-49339 Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user's playlist

gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit 6dd71e6a3c966867ef8c900d359a7df75789f410 added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controll...

7.1 CVSS · 0.00262 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 7:53 a.m. · 8 views

CVE-2024-42792

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=deleteplaylist page...

3.5 CVSS · 4.3 AI score · 0.00188 EPSS
Exploits 1 · References 1
CNNVD
added 2024/09/25 12:0 a.m. · 2 views

Kashipara Music Management System security vulnerability

Kashipara Music Management System is a music management system from Kashipara Inc. A security vulnerability exists in Kashipara Music Management System version v1.0, which stems from an Access Control Error vulnerability that allows an unauthenticated attacker to delete valid music playlist entri...

9.8 CVSS · 6.8 AI score · 0.00563 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/09/24 12:0 a.m. · 13 views

CVE-2024-42797

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=deleteplaylist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries...

6.9 AI score · 0.00563 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/09/24 12:0 a.m. · 4 views

PT-2024-30170 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0
Description: An Incorrect Access Control issue was found in the "/music/ajax.php?action=delete playlist" endpoint. This issue allows an unauthenticated attacker to delete valid music playlist...

9.8 CVSS · 6.7 AI score · 0.00563 EPSS
Exploits 1 · References 4
OSV
added 2024/08/26 5:15 p.m. · 3 views

CVE-2024-42792

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=deleteplaylist page...

3.5 CVSS · 5.7 AI score · 0.00188 EPSS
Exploits 1 · References 2
NVD
added 2024/08/26 5:15 p.m. · 10 views

CVE-2024-42792

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=deleteplaylist page...

3.5 CVSS · 0.00188 EPSS
Exploits 1 · References 2
Vulnrichment
added 2024/08/26 12:0 a.m. · 11 views

CVE-2024-42792

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=deleteplaylist page...

7.1 AI score · 0.00188 EPSS
Exploits 1 · References 2
Cvelist
added 2024/08/26 12:0 a.m. · 15 views

CVE-2024-42792

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=deleteplaylist page...

0.00188 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/08/26 12:0 a.m. · 4 views

PT-2024-30165 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0
Description: A Cross-Site Request Forgery (CSRF) issue was found in the system via the "/music/ajax.php?action=delete playlist" page. This allows for unauthorized actions to be performed...

3.5 CVSS · 6.7 AI score · 0.00188 EPSS
Exploits 1 · References 7