215 matches found
EUVD-2018-13552
Malware in sbrugna...
EUVD-2014-9129
Malware in sbrugna...
EUVD-2019-8773
Malware in sbrugna...
EUVD-2019-0167
Malware in sbrugna...
EUVD-2020-26901
Malware in sbrugna...
EUVD-2025-25425
Malicious code in bioql PyPI...
EUVD-2025-27473
Malicious code in bioql PyPI...
EUVD-2024-43833
Malicious code in bioql PyPI...
GLSA-202509-05 : Plex Media Server: Incorrect resource transfer
The remote host is affected by the vulnerability described in GLSA-202509-05 (Plex Media Server: Incorrect resource transfer). A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly...
Plex Media Server: Incorrect resource transfer
Background: Plex media server is a media library that is intended for use with a plex client. Description: A vulnerability has been discovered in glibc. Please review the CVE identifier referenced below for details. Impact: Please review the referenced CVE identifier for details. Workaround: There is...
Plex users: Reset your password!
Media streaming platform Plex has warned customers about a data breach, advising them to reset their password. Plex said an attacker broke into one of its databases, allowing them to access a "limited subset" of customer data. This included email addresses, usernames, hashed passwords, and...
CVE-2025-58763 Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...
CVE-2025-58761 Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy`
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `real_pms_image_proxy` endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. The `real_pms_image_proxy` i...
CVE-2025-58760 Tautulli vulnerable to Unauthenticated Path Traversal in `/image` endpoint
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The /image API endpoint in Tautulli v2.15.3 and earlier is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. In Tautulli, the /image API...
CVE-2025-34158
Plex Media Server PMS 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner and a /api/resources call reveals other servers accessible by that server owner...
Plex Media Server 1.41.7.x - 1.42.0.x Resource Transfer Vulnerability
Plex Media Server is prone to an incorrect resource transfer vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
CVE-2025-34158
Summary: Plex Media Server (PMS) versions 1.41.7.x–1.42.0.x (before 1.42.1) are affected by token/credential disclosure through account and API surfaces, per CVE-2025-34158. Connected documents extend the impact to multiple PMS versions, noting PMS