CVE-2026-43182 media: ccs: Avoid possible division by zero

In the Linux kernel, the following vulnerability has been resolved: media: ccs: Avoid possible division by zero Calculating maximum M for scaler configuration involves dividing by MINXOUTPUTSIZE limit register's value. Albeit the value is presumably non-zero, the driver was missing the check it i...

Founder Electronics Enjoys All-Media Acquisition and Editing System 代码问题漏洞

Founder Electronics Enjoys All-Media Acquisition and Editing System is an all-media acquisition and editing system from Founder Electronics, a Chinese company. A code issue vulnerability exists in Founder Electronics Enjoys All-Media Acquisition and Editing System version 3.0, which stems from an...

Founder Electronics Enjoys All-Media Acquisition and Editing System 注入漏洞

Founder Electronics Enjoys All-Media Acquisition and Editing System is an all-media acquisition and editing system from China's Founder Electronics. An injection vulnerability exists in Founder Electronics Enjoys All-Media Acquisition and Editing System version 3.0, which stems from an incorrect...

SQL Injection Vulnerability in Founder Unlimited Media News Editorial System of Beijing Beifang Founder Electronics Co.

Beijing Beifang Founder Electronics Co., Ltd. is a leading technology and service provider in the fields of printing, media, publishing, and font libraries. A SQL injection vulnerability exists in Beijing Founder Electronics Co., Ltd.'s Founder Unlimited All-Media News Gathering and Editing Syste...

SQL Injection Vulnerability in Founder Unbridled All-Media News Gathering and Editing System of Beijing Beifang Founder Electronics Co. Ltd (CNVD-2024-40569)

Beijing Founder Electronics Co., Ltd. is a leading provider of technology, products and services in the field of cross-media information communication. A SQL injection vulnerability exists in the Founder Unlimited Media News Collection System of Beijing Founder Electronics Co., Ltd, which can be...

CVE-2023-49096

Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the /Videos//stream and /Videos//stream. endpoints which are present in the current Jellyfin version. Additional endpoints in the...

Design/Logic Flaw

Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the /Videos//stream and /Videos//stream. endpoints which are present in the current Jellyfin version. Additional endpoints in the...

CVE-2023-49096

Jellyfin (CVE-2023-49096) is vulnerable to argument injection in FFmpeg via the Videos//stream and Videos//stream. endpoints (and related AudioController endpoints). An unauthenticated attacker can attempt to inject extra FFmpeg arguments by abusing query parameters such as videoCodec and audioCo...

CVE-2023-49096 Argument Injection in FFmpeg codec parameters in Jellyfin

Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the /Videos//stream and /Videos//stream. endpoints which are present in the current Jellyfin version. Additional endpoints in the...

CVE-2023-30626

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

Directory traversal

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVE-2023-30626 Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution

Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting vulnerability CVE-2023-30627, this can result...

CVE-2023-30626

Jellyfin 10.8.x prior to 10.8.10 is affected by a directory traversal vulnerability in the ClientLogController (/ClientLog/Document). The issue can be combined with a stored XSS in jellyfin-web (CVE-2023-30627) to enable file write and potential remote code execution, with exploitation tied to cl...

jellyfin -- Multiple vulnerabilities

[email protected] reports: Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. When combined with a cross-site scripting...

Jellyfin suffers from an SSRF vulnerability (CNVD-2023-52831)

Jellyfin is a free software media system. Jellyfin suffers from an SSRF vulnerability that can be exploited by an attacker to access web resources and sensitive information via a crafted POST request...

Server side request forgery (ssrf)

Jellyfin is a free software media system that provides media from a dedicated server to end-user devices via multiple apps. Verions prior to 10.7.3 vulnerable to unauthenticated Server-Side Request Forgery SSRF attacks via the imageUrl parameter. This issue potentially exposes both internal and...

CVE-2021-29490

CVE-2021-29490 – Jellyfin SSRF . Jellyfin 10.7.2 and older are vulnerable to unauthenticated Server-Side Request Forgery via the imageUrl parameter, potentially exposing internal and external HTTP resources visible to the Jellyfin server. The issue is patched in version 10.7.3. A workaround is to...

CVE-2021-21402

Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public...

CVE-2021-21402

Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with certain endpoints, well crafted requests will allow arbitrary file read from a Jellyfin server's file system. This issue is more prevalent when Windows is used as the host OS. Servers that are exposed to the public...