9 matches found

CNNVD
added 2026/06/04 12:0 a.m. | 6 views

Tautulli Security Vulnerability

Tautulli is an open-source application developed by Tautulli for monitoring Plex Media Server. Versions of Tautulli prior to 2.17.1 contained security vulnerabilities. These vulnerabilities stemmed from exposing the logjserrors endpoint to any authenticated user. Attackers were able to directly...

CVSS 8.9 | AI score 5.1 | EPSS 0.00207
Exploits 0 | References 2
Cvelist
added 2026/03/30 7:42 p.m. | 21 views

CVE-2026-31804 Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server

Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/transcode transcoder without authentication and without restricting the scheme...

CVSS 4 | EPSS 0.00277
Exploits 1 | References 2
GithubExploit
added 2026/01/01 12:39 a.m. | 195 views

Exploit for Cross-Site Request Forgery (CSRF) in Tautulli

Tautulli v2.1.9 - Shutdown Denial of Service Tautulli version...

CVSS 6.5 | AI score 7 | EPSS 0.14706
Exploits 9
CVE
added 2025/09/09 8:13 p.m. | 23 views

CVE-2025-58763

Tautulli (Python-based Plex monitoring) has a command-injection vulnerability affecting v2.15.3 and earlier. The flaw arises when cloning from GitHub and installing manually, where the update/version logic calls runGit via subprocess.Popen with shell=True. The checkout_git_branch path stores un s...

CVSS 8 | AI score 8.2 | EPSS 0.01675
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2025/09/09 8:8 p.m. | 12 views

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pms_image_proxy endpoint to write arbitrary Python scripts into the application filesystem. This leads to remote code execution when...

CVSS 9.1 | EPSS 0.00765
Exploits 1 | References 2
Vulnrichment
added 2025/09/09 8:8 p.m. | 4 views

CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent

Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pms_image_proxy endpoint to write arbitrary Python scripts into the application filesystem. This leads to remote code execution when...

CVSS 9.1 | AI score 7.5 | EPSS 0.00765
Exploits 1 | References 2
Positive Technologies
added 2025/09/09 12:0 a.m. | 6 views

PT-2025-36569

Name of the Vulnerable Software and Affected Versions: Tautulli versions prior to 2.16.0 Description: Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. An attacker with administrative access can exploit the pms image proxy endpoint to write arbitrary Python scripts in...

CVSS 9.1 | AI score 7.9 | EPSS 0.00765
Exploits 1 | References 6
RedhatCVE
added 2025/05/22 5:55 a.m. | 5 views

CVE-2019-19833

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. Also, anonymous access can be achieved in applications that do not have a user login area...

CVSS 6.5 | AI score 6.8 | EPSS 0.14706
Exploits 9 | References 1
PyPA
added 2019/02/19 4:29 p.m. | 6 views

PYSEC-2019-255

data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page...

CVSS 6.1 | AI score 6.1 | EPSS 0.0109
Exploits 2 | References 5 | Affected Software 1