
4 matches found

Vulnrichment
added 2026/03/30 7:42 p.m. · 2 views

CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "section_id" and "user_id", the /api/v2?cmd=get_home_stats endpoint passe...

CVSS 4.9 · AI score 5.9 · EPSS 0.00048
Exploits: 1 · References: 2
CVE
added 2026/03/30 7:42 p.m. · 3 views

CVE-2026-31799

CVE-2026-31799 affects Tautulli (Python-based Plex monitor) where the /api/v2?cmd=get_home_stats endpoint passes query parameters (section_id, user_id, before, after) directly into SQL via Python %-string formatting without parameterization, from versions 2.14.2–2.16.x (before 2.17.0) for certain...

CVSS 4.9 · AI score 5.9 · EPSS 0.00048
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2014/12/03 9:0 p.m. · 15 views

CVE-2014-9243

Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING to wb/admin/admintools/tool.php or (2) sectionid parameter to editmodulefiles.php, (3) news/addpost.php, (4) news/modifygroup.php, (5)...

AI score 5.8 · EPSS 0.00649
Exploits: 1 · References: 2
Positive Technologies
added 2012/08/12 12:0 a.m. · 2 views

PT-2012-5159 · Pbboard · Pbboard

Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4
Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the username parameter to the "send page", the email parameter to the "forget page"...

CVSS 7.5 · AI score 7.5 · EPSS 0.00346
Exploits: 5 · References: 9