CVE-2025-58763
- EPSS 0.37%
- Veröffentlicht 09.09.2025 20:13:44
- Zuletzt bearbeitet 18.09.2025 20:30:01
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. ...
CVE-2025-58762
- EPSS 0.61%
- Veröffentlicht 09.09.2025 20:08:27
- Zuletzt bearbeitet 18.09.2025 16:57:38
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the `pms_image_proxy` endpoint to write arbitrary python scripts into the application files...
CVE-2025-58761
- EPSS 0.12%
- Veröffentlicht 09.09.2025 19:59:17
- Zuletzt bearbeitet 18.09.2025 17:23:40
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `real_pms_image_proxy` endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the appl...
CVE-2025-58760
- EPSS 0.15%
- Veröffentlicht 09.09.2025 19:56:57
- Zuletzt bearbeitet 18.09.2025 17:30:18
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `/image` API endpoint in Tautulli v2.15.3 and earlier is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application ...
CVE-2019-19833
- EPSS 61.27%
- Veröffentlicht 18.12.2019 18:15:20
- Zuletzt bearbeitet 21.11.2024 04:35:29
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
CVE-2019-8939
- EPSS 0.23%
- Veröffentlicht 19.02.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:50:42
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.