7 matches found
CVE-2026-31804
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/transcode transcoder without authentication and without restricting the scheme...
CVE-2026-31804
CVE-2026-31804 affects Tautulli (Python-based Plex monitor) before version 2.17.0. The vulnerable /pms_image_proxy endpoint accepts a user-controlled img parameter and forwards it to Plex Media Server’s /photo/:/transcode transcoder without authentication or host/scheme restrictions. Because web...
CVE-2026-31804 Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/transcode transcoder without authentication and without restricting the scheme...
CVE-2026-1294 All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint
The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...
CVE-2026-1294
The CVE-2026-1294 issue affects the WordPress plugin All In One Image Viewer Block, version
CVE-2026-1294 All In One Image Viewer Block <= 1.0.2 - Unauthenticated Server-Side Request Forgery via image-proxy Endpoint
The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...
EUVD-2026-5548
The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the image-proxy REST API endpoint. This makes it possible for unauthenticated attackers to make web...