EUVD-2026-29725

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

PT-2026-40330

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

PT-2026-40331

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials. When DisableAuthForLocalAddresses ...

CVE-2026-32702

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by...

EUVD-2026-12144

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by...

PT-2026-25386

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login endpoint contains a logic flaw that allows unauthenticated remote attackers to enumerate valid usernames by...

CVE-2026-27707

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and prior to version 3.1.0, an authentication guard logic flaw in POST /api/v1/auth/jellyfin allows an unauthenticated attacker to register a new Seerr account on any Plex-configure...

CVE-2025-13130

A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment...

EUVD-2025-180537

A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment...

CVE-2025-13130

A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment...

CVE-2025-13130 Radarr Service Radarr.Console.exe default permission

A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment...

CVE-2025-13130

Radarr CVE-2025-13130 affects Radarr 5.28.0.10274. The vulnerability targets an unknown function in C:\ProgramData\Radarr\bin\Radarr.Console.exe (Service component), enabling manipulation that leads to incorrect default permissions. Exploitation is local-only (no network vector) and the issue is ...

CVE-2025-13130 Radarr Service Radarr.Console.exe default permission

A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment...

PT-2025-46919

Name of the Vulnerable Software and Affected Versions Radarr version 5.28.0.10274 Description A security issue exists in Radarr version 5.28.0.10274 related to incorrect default permissions. This issue stems from manipulation of an unknown function within the file...

Radarr 安全漏洞

Radarr is a movie management software from Radarr Open Source. A security vulnerability exists in Radarr version 5.28.0.10274, which stems from improperly set default permissions and could lead to a local environment attack...

Bazarr Arbitrary File Read Vulnerability

Bazarr is a companion app to Sonarr and Radarr that manages and downloads subtitles to your specifications. Bazarr suffers from an arbitrary file read vulnerability due to an issue in component /api/swaggerui/static in Bazaar v1.4.3 that allows an unauthenticated attacker to perform directory...