Vulnerabilidades em jellyfin
14 resultadosCVE-2021-21402HIGHUnauthenticated Arbitrary File Access in JellyfinEPSS 79.9%CVE-2021-29490MEDIUMUnauthenticated GET requests through Remote Image endpointsEPSS 69.9%CVE-2023-30626HIGHJellyfin vulnerable to directory traversal and file write causing arbitrary code executionEPSS 2.0%CVE-2023-30627CRITICALjellyfin-web has a stored cross-site scripting vulnerability in devices.jsEPSS 1.3%CVE-2023-49096HIGHArgument Injection in FFmpeg codec parameters in JellyfinEPSS 1.3%CVE-2023-48702HIGHJellyfin Possible Remote Code Execution via custom FFmpeg binaryEPSS 1.2%CVE-2026-35031CRITICALJellyfin: Potential RCE via subtitle upload path traversal + .strm chainEPSS 0.8%CVE-2025-32012MEDIUMJellyfin Vulnerable to Denial of Service (DoS) via IP SpoofingEPSS 0.6%CVE-2025-31499HIGHJellyfin Vulnerable to Argument Injection in FFmpegEPSS 0.6%CVE-2026-31852CRITICALJellyfin Possible Organization/Secret Compromise from dangerous CI implementationEPSS 0.4%CVE-2024-43801MEDIUMPrivilege escalation to admin from a low-privileged user via SVG upload in JellyfinEPSS 0.3%CVE-2026-35033CRITICALJellyfin: Potential SSRF + Arbitrary file read via stream argument injectionEPSS 0.3%CVE-2026-35032HIGHJellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tunerEPSS 0.3%CVE-2026-35034MEDIUMJellyfin: Potential Application DoS from excessively large SyncPlay group namesEPSS 0.3%