Lucene search
+L

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 6:22 p.m.8 views

CVE-2026-48793

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

8.8CVSS6.1AI score0.00357EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/24 6:22 p.m.4 views

CVE-2026-48793 Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

8.8CVSS6.1AI score0.00357EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.12 views

CVE-2026-35033

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any...

9.3CVSS5.5AI score0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 10:28 p.m.4 views

EUVD-2026-22768

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds any...

9.3CVSS5.9AI score0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32958

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.7 Description An unauthenticated arbitrary file read is possible via ffmpeg argument injection through the query parameter parsing mechanism. The ParseStreamOptions method in StreamingHelpers.cs adds lowercase...

9.3CVSS6AI score0.00319EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.8 views

PT-2025-16473 · Jellyfin +1 · Jellyfin +1

Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.10.7 Description: Jellyfin is an open source self-hosted media server. The issue concerns argument injection in FFmpeg, which can potentially lead to remote code execution by anyone with credentials to a...

7.6CVSS7.6AI score0.00713EPSS
Exploits0References6
Rows per page
Query Builder