4 matches found
CVE-2026-27793
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the GET /api/v1/user/:id endpoint returns the full settings object for any user, including Pushover, Pushbullet, and Telegram credentials, to any authenticated requester regardless of...
EUVD-2026-9055
Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the GET /api/v1/user/:id endpoint returns the full settings object for any user, including Pushover, Pushbullet, and Telegram credentials, to any authenticated requester regardless of...
PT-2026-22383
Name of the Vulnerable Software and Affected Versions Seerr versions prior to 3.1.0 Description Seerr is a media request and discovery manager for Jellyfin, Plex, and Emby. The GET /api/v1/user/:id API endpoint improperly discloses the full settings object for any user, including credentials for...
CVE-2024-0366
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...