104 matches found
Emby Server - Authentication Bypass
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system,...
CVE-2023-4167
A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...
CVE-2025-64113
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server for Emby Server administration, not at the OS level. Other than network access, no specific preconditions need to be fulfilled for a server to be...
Emby Server Improper Authentication Vulnerability (GHSA-95fv-5gfj-2r84)
Emby Server is prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-64113
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server for Emby Server administration, not at the OS level. Other than network access, no specific preconditions need to be fulfilled for a server to be...
EUVD-2025-201718
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server for Emby Server administration, not at the OS level. Other than network access, no specific preconditions need to be fulfilled for a server to be...
CVE-2025-64113 Emby Server allows attackers to gain administrative server access without preconditions
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server for Emby Server administration, not at the OS level. Other than network access, no specific preconditions need to be fulfilled for a server to be...
CVE-2025-64113 Emby Server allows attackers to gain administrative server access without preconditions
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server for Emby Server administration, not at the OS level. Other than network access, no specific preconditions need to be fulfilled for a server to be...
CVE-2025-64113
Emby Server vulnerability CVE-2025-64113 allows an attacker to gain full administrative access to the Emby Server (admin interface, not OS level) via network access. Affected are Emby Server versions prior to 4.9.1.81; no additional preconditions beyond network access. The issue is fixed in versi...
CVE-2025-64113 Emby Server allows attackers to gain administrative server access without preconditions
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server for Emby Server administration, not at the OS level. Other than network access, no specific preconditions need to be fulfilled for a server to be...
PT-2025-50221
Name of the Vulnerable Software and Affected Versions Emby Server versions prior to 4.9.1.81 Description Emby Server is a home media server application. Versions prior to 4.9.1.81 allow an attacker to gain full administrative access to the Emby Server. Network access is the only requirement for...
Emby Server 授权问题漏洞
Emby Server is a powerful media server from Emby. The product can be used primarily for integrated multimedia editing such as video audio and photos. An authorization issue vulnerability exists in Emby Server versions prior to 4.9.1.81, which stems from improper access control and could lead to a...
GHSA-95FV-5GFJ-2R84 Withdrawn Advisory: Emby Server API Vulnerability allowing to gain administrative access without precondition
Withdrawn Advisory This advisory has been withdrawn because it incorrectly listed MediaBrowser.Server.Core as vulnerable. CVE-2025-64113 affects Emby Server versions 4.9.1.80 and prior, and Emby Server Beta versions 4.9.2.6 and prior. Original Description Impact This vulnerability affects all Emb...
Withdrawn Advisory: Emby Server API Vulnerability allowing to gain administrative access without precondition
Withdrawn Advisory This advisory has been withdrawn because it incorrectly listed MediaBrowser.Server.Core as vulnerable. CVE-2025-64113 affects Emby Server versions 4.9.1.80 and prior, and Emby Server Beta versions 4.9.2.6 and prior. Original Description Impact This vulnerability affects all Emb...
Emby Server < 4.8.1.0 XSS Vulnerability
Emby Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-64325
Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...
EUVD-2025-198099
Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...
CVE-2025-64325 Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard
Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...
CVE-2025-64325 Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard
Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...
CVE-2025-64325
CVE-2025-64325 affects Emby Server prior to versions 4.8.1.0 and 4.9.0.0-beta. A malicious user can send an authentication request with a manipulated X-Emby-Client header that is added to the devices section of the admin dashboard without sanitization. The issue has been patched in version 4.8.1....