Lucene search
K

592 matches found

RedhatCVE
RedhatCVE
added 2026/04/16 7:22 p.m.8 views

CVE-2026-35031

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS6.4AI score0.00753EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-6385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DV...

6.5CVSS6AI score0.00437EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/15 8:56 p.m.189 views

Exploit for CVE-2026-35031

CVE-2026-35031: Jellyfin Subtitle Upload Path Traversal to RCE...

9.9CVSS6.7AI score0.00753EPSS
Exploits1
OSV
OSV
added 2026/04/15 8:16 p.m.5 views

DEBIAN-CVE-2026-6385

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

6.5CVSS6AI score0.00437EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 7:18 p.m.4 views

CVE-2026-6385

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

6.5CVSS6.1AI score0.00437EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/15 7:18 p.m.16 views

CVE-2026-6385 Ffmpeg: ffmpeg: denial of service and potential arbitrary code execution via signed integer overflow in dvd subtitle parser

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

6.5CVSS0.00437EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 7:18 p.m.4 views

CVE-2026-6385 Ffmpeg: ffmpeg: denial of service and potential arbitrary code execution via signed integer overflow in dvd subtitle parser

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

6.5CVSS6.1AI score0.00437EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 7:18 p.m.31 views

CVE-2026-6385

FFmpeg vulnerability CVE-2026-6385: a signed integer overflow in the DVD subtitle parser’s fragment reassembly bounds checks can cause a heap out-of-bounds write when processing specially crafted MPEG-PS/VOB media with a malicious DVD subtitle stream. Impact includes denial of service via applica...

6.5CVSS6.1AI score0.00437EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/15 7:18 p.m.43 views

CVE-2026-6385

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds...

6.5CVSS6AI score0.00437EPSS
Exploits0
Snyk
Snyk
added 2026/04/15 7:11 p.m.6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the DVD subtitle parser due to a signed-integer overflow in fragment-reassembly bounds checks. An attacker can trigger a heap out-of-bounds write by supplying a specially crafted MPEG-PS/VOB media file,...

7.1CVSS5.8AI score0.00437EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.5 views

PT-2026-33167

Name of the Vulnerable Software and Affected Versions FFmpeg affected versions not specified Description A signed integer overflow exists in the DVD subtitle parser's fragment reassembly bounds checks. A remote attacker can exploit this by providing a specially crafted MPEG-PS/VOB media file...

6.5CVSS6.1AI score0.00437EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Red Hat AI Inference Server 安全漏洞

Red Hat AI Inference Server is a server product developed by Red Hat Inc. for artificial intelligence inference services. There is a security vulnerability in Red Hat AI Inference Server. This vulnerability stems from a symbolic integer overflow in the fragment recombination boundary check of the...

6.5CVSS6.1AI score0.00437EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 11:16 p.m.5 views

CVE-2026-35031

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS0.00753EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/04/14 10:18 p.m.4 views

CVE-2026-35031

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS6.5AI score0.00753EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 10:18 p.m.4 views

CVE-2026-35031

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS6.4AI score0.00753EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/14 10:18 p.m.7 views

EUVD-2026-22764

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS6.4AI score0.00753EPSS
Exploits1References2
CVE
CVE
added 2026/04/14 10:18 p.m.31 views

CVE-2026-35031

Summary: Jellyfin versions before 10.11.7 are affected by a vulnerability in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles) where the Format field isn’t validated, allowing path traversal via the file extension and leading to arbitrary file write. This can be chained to read via ....

9.9CVSS6.4AI score0.00753EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 10:18 p.m.6 views

CVE-2026-35031 Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS6.4AI score0.00753EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/14 10:18 p.m.31 views

CVE-2026-35031 Jellyfin: Potential RCE via subtitle upload path traversal + .strm chain

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS0.00753EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.12 views

PT-2026-32956

Name of the Vulnerable Software and Affected Versions Jellyfin versions prior to 10.11.7 Description A flaw exists in the subtitle upload endpoint '/Videos/itemId/Subtitles' where the Format field is not validated. This allows path traversal via the file extension, enabling arbitrary file write...

9.9CVSS6.4AI score0.00753EPSS
Exploits1References8
Rows per page
Query Builder