Lucene search: Plex Media Server

14 matches found

CVE
added 2019/12/19 10:28 p.m., 1940 views

CVE-2019-19141

The Plex Media Server CVE-2019-19141 vulnerability affects the Camera Upload feature through version 1.18.2.2029. It permits remote authenticated users to write files anywhere the Plex process user has permissions, enabling remote code execution. The described attack path includes directory trave...

CVSS 8.8, AI score 8.7, EPSS 0.04353

CVE
added 2020/05/08 12:2 p.m., 753 views

CVE-2020-5741

Plex Media Server on Windows prior to version 1.19.3 is affected by CVE-2020-5741: an authenticated attacker can trigger unsafe Python pickle deserialization (Dict file) during camera-upload related processing, leading to remote code execution as the OS user who runs Plex. Public references descr...

CVSS 7.2, AI score 7.2, EPSS 0.72936
In wild, Web

CVE
added 2023/01/18 12:0 a.m., 661 views

CVE-2021-33959

Summary: Multiple sources report a DoS/reflection vulnerability in Plex Media Server affecting version 1.21 and earlier (with OpenVAS citing <1.21.3.4014). The Red Hat and CNNVD entries align on “Plex media server … ddos reflection attack via plex service.” The issue is described as an access-...

CVSS 7.5, AI score 7.5, EPSS 0.15035

CVE
added 2020/06/15 7:26 p.m., 291 views

CVE-2020-5742

CVE-2020-5742: Affected software is Plex Media Server. The vulnerability is due to improper access control, allowing any origin to execute cross-origin application requests prior to 2020-06-15. The root cause is inadequate restriction on cross-origin interactions, enabling potentially unauthoriz...

CVSS 8.8, AI score 8.7, EPSS 0.01415

CVE
added 2020/04/22 3:2 p.m., 122 views

CVE-2020-5740

Plex Media Server (Windows) is affected by CVE-2020-5740 due to improper input validation. The vulnerability allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges through the Plex update service/related input handling. This is a local privilege-escalatio...

CVSS 7.8, AI score 7.9, EPSS 0.00747

CVE
added 2019/11/18 4:30 p.m., 93 views

CVE-2018-21031

CVE-2018-21031 affects Tautulli versions up to 2.1.38. The flaw arises from mishandling the X-Plex-Token, which can be retrieved from Tautulli and used to bypass access controls on Plex Media Server. The description indicates the affected product is Tautulli (not Plex Media Server itself), and it...

CVSS 6.5, AI score 6.4, EPSS 0.02059

CVE
added 2018/08/13 5:0 p.m., 76 views

CVE-2018-13415

CVE-2018-13415 affects Plex Media Server 1.13.2.5154, specifically the XML parsing engine used for SSDP/UPnP. The vulnerability is an XML External Entity Processing (XXE) flaw that allows unauthenticated attackers on the same network to: (1) read arbitrary files on the host filesystem, (2) establ...

CVSS 9.8, AI score 9.6, EPSS 0.31809
Web

CVE
added 2021/12/08 2:34 p.m., 76 views

CVE-2021-42835

Plex Media Server up to version 1.24.4.5081-e362dc1ee is affected by a TOCTOU race in the exposed RPC interface of the Product Update Service, enabling a local attacker with a low-privileged account to interact with the RPC and execute code from a chosen path (local or via SMB) with the update se...

CVSS 7, AI score 7.1, EPSS 0.01166

CVE
added 2014/12/07 9:0 p.m., 48 views

CVE-2014-9304

Plex Media Server prior to 0.9.9.3 is affected. The issue allows remote attackers to bypass the web server whitelist, perform SSRF via multiple crafted X-Plex-Url headers to system/proxy, and take arbitrary administrative actions due to inconsistent processing in the backend request handler. Impa...

CVSS 7.5, AI score 7.6, EPSS 0.08109
Web

CVE
added 2014/12/02 4:0 p.m., 46 views

CVE-2014-9181

Plex Media Server (pre-0.9.9.3) is affected by CVE-2014-9181, which describes multiple directory traversal vulnerabilities that allow an attacker to read arbitrary files by supplying a .. sequence in the URI to endpoints such as manage/, web/, or resources/. The Red Hat advisory and CVE records c...

CVSS 5, AI score 6.6, EPSS 0.09484

CVE
added 2026/01/02 4:52 p.m., 42 views

CVE-2025-69416

Summary of CVE-2025-69416: In Plex Media Server (PMS) prior to or within versions affected by PMS build times up to 1.43.0.10389, a non-server device token can retrieve other tokens intended for unrelated access via the plex.tv backend (devices.xml). The connected OpenVAS entry corroborates a PM...

CVSS 5, AI score 6.6, EPSS 0.00274

CVE
added 2026/01/02 4:49 p.m., 21 views

CVE-2025-69415

CVE-2025-69415 affects Plex Media Server (PMS). According to NVD/narratives, PMS <= 1.42.2.10156 allows accessing /myplex/account with a device token that is not properly aligned with the device’s current account association. The OpenVAS entry for Plex Media Server

CVSS 7.1, AI score 6.5, EPSS 0.00255
Web

CVE
added 2026/01/02 4:43 p.m., 15 views

CVE-2025-69414

Plex Media Server (PMS) shows token leakage vulnerabilities across multiple CVEs. Specifically, CVE-2025-69414 (PMS up to 1.42.2.10156) allows retrieval of a permanent access token via /myplex/account using a transient token. OpenVAS notes PMS

CVSS 8.5, AI score 6.5, EPSS 0.00214
Web

CVE
added 2026/01/02 4:55 p.m., 15 views

CVE-2025-69417

CVE-2025-69417 affects Plex Media Server (PMS) prior to latest updates. The issue arises when a non-server device token can retrieve share tokens intended for unrelated access via the shared_servers endpoint, indicating an access-control weakness in PMS’s token handling. Public references in the ...

CVSS 5, AI score 6.5, EPSS 0.00274