Navidrome Security Vulnerabilities


CVE-2024-32963

Navidrome is an open source web-based music collection server and streamer. Affected versions of Navidrome are subject to a parameter tampering vulnerability where an attacker has the ability to manipulate parameter values in the HTTP requests. The attacker is able to change the parameter...

4.2 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-01 07:15 AM

CVE-2023-51442

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in Navidrome's Subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON Web Token (JWT) signed...

8.6 CVSS

8.8 AI Score

0.0005 EPSS

2023-12-21 03:15 PM

CVE-2022-23857

model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2022-01-24 02:15 AM