214 matches found
CVE-2025-69417
PVE-2025-69417 affects Plex Media Server (PMS) prior to latest updates. The issue arises when a non-server device token can retrieve share tokens intended for unrelated access via the shared_servers endpoint, indicating an access-control weakness in PMS’s token handling. Public references in the ...
CVE-2025-69417
In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve share tokens intended for unrelated access via a sharedservers endpoint...
CVE-2025-69416
In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve other tokens intended for unrelated access via clients.plex.tv/devices.xml...
CVE-2025-69416
In the plex.tv backend for Plex Media Server PMS through 2025-12-31, a non-server device token can retrieve other tokens intended for unrelated access via clients.plex.tv/devices.xml...
CVE-2025-69416
Summary of CVE-2025-69416 : In Plex Media Server (PMS) prior to or within versions affected by PMS build times up to 1.43.0.10389, a non-server device token can retrieve other tokens intended for unrelated access via the plex.tv backend (devices.xml). The connected OpenVAS entry corroborates a PM...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
In Plex Media Server PMS through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account...
CVE-2025-69415
CVE-2025-69415 affects Plex Media Server (PMS). According to NVD/narratives, PMS <= 1.42.2.10156 allows accessing /myplex/account with a device token that is not properly aligned with the device’s current account association. The OpenVAS entry for Plex Media Server
CVE-2025-69414
Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...
CVE-2025-69414
Plex Media Server PMS through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token...
CVE-2025-69414
Plex Media Server (PMS) shows token leakage vulnerabilities across multiple CVEs. Specifically, CVE-2025-69414 (PMS up to 1.42.2.10156) allows retrieval of a permanent access token via /myplex/account using a transient token. OpenVAS notes PMS
PT-2026-1106
Name of the Vulnerable Software and Affected Versions Plex Media Server versions through 1.42.2.10156 Description Plex Media Server PMS allows retrieval of a permanent access token via a /myplex/account call when using a transient access token. The API endpoint /myplex/account is involved in this...
PT-2026-1110
Name of the Vulnerable Software and Affected Versions Plex Media Server versions through 2025-12-31 Description A non-server device token can retrieve other tokens intended for unrelated access via the clients.plex.tv/devices.xml endpoint. This impacts the Plex Media Server backend. Recommendatio...
Plex Media Server 安全漏洞
Plex Media Server is a suite of media player and media server software from the Swiss company Plex. A security vulnerability exists in Plex Media Server version 2025-12-31 and earlier, which stems from a non-server device token in the plex.tv backend that can retrieve shared tokens via the...
Plex media server 安全漏洞
Plex media server is a media player from Plex. A security vulnerability exists in Plex Media Server version 1.42.2.10156 and earlier, which stems from a permanent access token that can be retrieved via a transient access token call to /myplex/account, which could lead to an access token disclosur...
Plex media server 安全漏洞
Plex media server is a media player from Plex. A security vulnerability exists in Plex media server version 1.42.2.10156 and earlier, which stems from the ability to access /myplex/account using a device token that is not properly aligned with whether or not the device currently has an account...
PT-2026-1109
Name of the Vulnerable Software and Affected Versions Plex Media Server versions prior to 1.42.2.10157 Description Plex Media Server PMS has an issue where access to the /myplex/account endpoint with a device token is not correctly linked to the device's account association status. This could all...
PT-2026-1111
Name of the Vulnerable Software and Affected Versions Plex Media Server versions prior to 2025-12-31 Description A non-server device token can retrieve share tokens via the shared servers endpoint. These share tokens are intended for unrelated access. Recommendations Update Plex Media Server to a...
Plex media server 安全漏洞
Plex media server is a media player from Plex. A security vulnerability exists in Plex Media Server version 2025-12-31 and earlier, which stems from a non-server device token in the plex.tv backend that can retrieve other tokens via clients.plex.tv/devices.xml, which could lead to token disclosur...
EUVD-2020-26899
Malware in sbrugna...