Lucene search
+L

4 matches found

FreeBSD
FreeBSD
added 2026/05/24 12:0 a.m.21 views

jellyfin -- multiple vulnerabilities

The Jellyfin project reports: Jellyfin Server 10.11.10 fixes three security vulnerabilities: GHSA-f47c-m7gr-q92j: details pending disclosure GHSA-jg92-mrxq-vv75: details pending disclosure GHSA-wwwm-px48-fpvq: details pending disclosure...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/04/18 12:1 a.m.3 views

CVE-2026-40348 Movary has Authenticated SSRF via Jellyfin Server URL Verification that Allows Internal Network Probing

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...

7.7CVSS6AI score0.00379EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/18 12:1 a.m.8 views

EUVD-2026-23617

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...

7.7CVSS5.8AI score0.00379EPSS
Exploits1References4
EUVD
EUVD
added 2025/11/06 9:46 p.m.6 views

EUVD-2025-37862

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

8.9CVSS6.2AI score0.00289EPSS
Exploits0References3
Rows per page
Query Builder