10 matches found
EUVD-2018-6583
Malware in sbrugna...
CVE-2025-48948 Navidrome Transcoding Permission Bypass Vulnerability Report
Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating,...
CVE-2025-48948
Navidrome (open source web-based music server) has a permission verification flaw in versions prior to 0.56.0 that lets any authenticated regular user bypass authorization checks and perform administrator-only transcoding configuration operations (create, modify, delete settings). Root cause: ins...
CVE-2025-48948
Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating,...
PT-2025-23229 · Navidrome · Navidrome
Name of the Vulnerable Software and Affected Versions: Navidrome versions prior to 0.56.0 Description: A permission verification flaw in Navidrome allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including...
Subsonic cross-site scripting vulnerability (CNVD-2018-20096)
Subsonic is a media file hosting platform developed and maintained by software developer Sindre Mehus. A cross-site scripting vulnerability exists in the settings of the translation code in Subsonic version 6.1.1. A remote attacker can exploit the vulnerability by sending multiple parameters to t...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
CVE-2018-14689
An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the namex, sourceformatsx, targetFormatx, step1x, and step2x parameters where x is an integer to transcodingSettings.view that could be used to steal session...
CVE-2018-14689
Subsonic 6.1.1 is affected by five stored cross‑site scripting vulnerabilities in transcodingSettings.view parameters (name[x], sourceformats[x], targetFormat[x], step1[x], step2[x]). Impact: potential to steal session information of a victim. Root cause: stored XSS in the transcoding settings. A...