Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/26 11:21 p.m.14 views

EUVD-2026-38068

gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host...

8.1CVSS5.9AI score0.00269EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:8 p.m.5 views

CVE-2026-49338

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can delete...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/19 7:8 p.m.26 views

CVE-2026-49338

The CVE covers gonic, a Subsonic-compatible music server. Before 0.21.0, Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view allowed any authenticated user to delete or read any other user’s private playlist due to missing per-resource authorization. The playlist ID is bas...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2021/04/13 8:15 p.m.4 views

UBUNTU-CVE-2021-21399

Ampache is a web based audio/video streaming application and file manager. Versions prior to 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For more details and...

9.1CVSS7AI score0.01438EPSS
Exploits1References3
Rows per page
Query Builder