Vulnerabilidades em Tautulli
14 resultadosCVE-2025-58763HIGHTautulli vulnerable to Authenticated Remote Code Execution via Command InjectionEPSS 1.7%CVE-2025-58762CRITICALTautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agentEPSS 0.8%CVE-2025-58761HIGHTautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy`EPSS 0.6%CVE-2025-58760HIGHTautulli vulnerable to Unauthenticated Path Traversal in `/image` endpointEPSS 0.6%CVE-2026-31831HIGHTautulli: Unauthenticated Path Traversal in `/newsletter/image/images` endpointEPSS 0.5%CVE-2026-28505HIGHTautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist checkEPSS 0.5%CVE-2026-41065HIGHTautulli Vulnerable to Unauthenticated/Authenticated Remote Code Execution via Newsletter Custom Template DirectoryEPSS 0.4%CVE-2026-31799MEDIUMTautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parametersEPSS 0.4%CVE-2026-32275HIGHTautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theftEPSS 0.3%CVE-2026-40605MEDIUMTautulli Vulnerable to Authenticated Path Traversal in Cache Deletion APIEPSS 0.3%CVE-2026-31804MEDIUMTautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media ServerEPSS 0.3%CVE-2026-43986CRITICALTautulli vulnerable to unauthenticated SSRF in /image/<hash> via attacker-seeded image hash replayEPSS 0.3%CVE-2026-43984HIGHTautulli has stored XSS in logFile via guest-controlled log_js_errors inputEPSS 0.2%CVE-2026-43985HIGHTaultulli has CSRF in /configUpdate via missing anti-CSRF and method restriction that allows admin credential takeoverEPSS 0.1%