Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/12/19 10:13 p.m.5 views

CVE-2025-34452

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

8.7CVSS7.7AI score0.04964EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/19 12:31 a.m.5 views

EUVD-2025-204401

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

8.7CVSS7.6AI score0.04964EPSS
Exploits0References4
NVD
NVD
added 2025/12/18 10:15 p.m.11 views

CVE-2025-34452

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

8.7CVSS0.04964EPSS
Exploits0References3
OSV
OSV
added 2025/12/18 9:30 p.m.6 views

CVE-2025-34452 Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

8.7CVSS6.4AI score0.04964EPSS
Exploits0References6
CVE
CVE
added 2025/12/18 9:30 p.m.15 views

CVE-2025-34452

The CVE-2025-34452 entry affects Streama versions 1.10.0–1.10.5 and prior to commit b7c8767. It describes a combined path traversal and server-side request forgery (SSRF) in the subtitle download feature where user-controlled parameters form file paths and fetch remote content, enabling an authen...

8.7CVSS7.7AI score0.04964EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/18 9:30 p.m.3 views

CVE-2025-34452 Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

8.7CVSS7.7AI score0.04964EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.9 views

PT-2025-52354

Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery SSRF vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download...

8.7CVSS8.1AI score0.04964EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.5 views

Streama 代码问题漏洞

Streama is a self-hosted streaming media server. A code issue vulnerability exists in Streama versions 1.10.0 through 1.10.5 and prior to b7c8767, which stems from a path traversal and server-side request forgery in the subtitle download feature that could lead to remote code execution...

8.7CVSS7.7AI score0.04964EPSS
Exploits0References3
OSV
OSV
added 2023/12/15 8:42 p.m.23 views

CVE-2023-50265 Bazarr Arbitrary file read in /api/swaggerui/static endpoint

Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the sendfile function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1...

7.5CVSS7.4AI score0.00924EPSS
Exploits1References5
Rows per page
Query Builder