Lucene search
+L

8 matches found

Cvelist
Cvelist
added 2026/06/04 2:17 p.m.40 views

CVE-2026-41065 Tautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template Directory

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 are vulnerable to remote code execution via the newsletter custom template directory feature. On a fresh install before the setup wizard is completed, all management endpoints are completely...

9.3CVSS0.00434EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:50 p.m.8 views

CVE-2026-40605

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.1, a path traversal vulnerability in the cache deletion endpoint allows authenticated API access to delete directories outside the configured cache path. This can cause arbitrary data loss and...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46258

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose configUpdate as a state-changing administrator endpoint, but the route does not enforce POST and does not use any anti-CSRF token. In the default form and JWT-based authentication mode,...

8.8CVSS5.8AI score0.00146EPSS
Exploits0References3
NVD
NVD
added 2026/04/17 1:16 p.m.15 views

CVE-2026-6486

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

5.1CVSS0.00212EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/17 12:15 p.m.8 views

CVE-2026-6486

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

5.1CVSS4.1AI score0.00212EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

fontconfig 安全漏洞

Fontconfig is an open-source font-related computer library developed by freedesktop. Versions of Fontconfig prior to 2.17.1 contained security vulnerabilities. These vulnerabilities stemmed from errors in the allocation process during sfnt processing, which could lead to one-byte out-of-bound...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.6 views

LocalAI 安全漏洞

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A security vulnerability exists in LocalAI version 2.17.1, which stems from mishandling of automatic archive extraction, allowing arbitrary file writes that could lead to remote code execution R...

9.8CVSS8.3AI score0.01501EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/11/11 12:0 a.m.6 views

Ec-cube 跨站请求伪造漏洞

EC-CUBE is an open source system for creating shopping websites. EC-CUBE versions 2.11.0 - 2.17.1 have a cross-site request forgery vulnerability in the administration interface. An attacker could exploit the vulnerability to remove administrators by tricking a user with administrative privileges...

6.5CVSS5.5AI score0.00533EPSS
Exploits1References5
Rows per page
Query Builder