Vulnerabilities in Plex
5 resultsCVE-2025-34158HIGHPlex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/aEPSS 0.5%CVE-2025-69416MEDIUMIn the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrEPSS 0.3%CVE-2025-69417MEDIUMIn the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrEPSS 0.3%CVE-2025-69415HIGHIn Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether EPSS 0.3%CVE-2025-69414HIGHPlex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient accessEPSS 0.2%