Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/26 11:33 p.m.12 views

EUVD-2026-38067

Subsonic API: any authenticated user can delete or read any other user's playlist IDOR...

7.1CVSS5.8AI score0.00168EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 11:33 p.m.3 views

GHSA-HMGP-W9JM-VP95 Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)

Summary In gonic, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can: 1. Delete any playlist owned by any other user including admin by passing its id. 2. Read the full...

7.1CVSS5.8AI score0.00168EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 7:8 p.m.25 views

CVE-2026-49338

The CVE covers gonic, a Subsonic-compatible music server. Before 0.21.0, Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view allowed any authenticated user to delete or read any other user’s private playlist due to missing per-resource authorization. The playlist ID is bas...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:8 p.m.20 views

CVE-2026-49338 Subsonic API: any authenticated user can delete or read any other user's playlist (IDOR)

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can delete...

7.1CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 6:23 p.m.19 views

CVE-2026-49339 Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user's playlist

gonic is a music streaming server / free-software subsonic server API implementation. The maintainer's fix in commit 6dd71e6a3c966867ef8c900d359a7df75789f410 added an ownership check based on playlist.UserID. However, playlist.UserID is derived from the first path segment of the attacker-controll...

7.1CVSS0.00262EPSS
Exploits0References3
Rows per page
Query Builder