3 matches found
EUVD-2026-38067
Subsonic API: any authenticated user can delete or read any other user's playlist IDOR...
EUVD-2026-38062
gonic: Path Traversal in playlist id bypasses ownership check, enabling any user to read/delete other users' playlists...
CVE-2026-49340
gonic is a music streaming server / Subsonic API implementation. Before v0.21.0, a logic error in ServeCreateOrUpdatePlaylist lets any authenticated Subsonic user, including non-admins, write playlist M3U content to an attacker-controlled absolute filesystem path on the host and create intermedia...