Vulnerabilidades em leepeuker
8 resultadosCVE-2026-40349HIGHAuthenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=trueEPSS 0.5%CVE-2026-40350HIGHMovary User Management (/settings/users) has Authorization Bypass that Allows Low-Privileged Users to Enumerate All Users and Create Administrator AccountsEPSS 0.4%CVE-2026-40348HIGHMovary has Authenticated SSRF via Jellyfin Server URL Verification that Allows Internal Network ProbingEPSS 0.4%CVE-2026-23839CRITICALMovary vulnerable to Cross-site Scripting with `?categoryUpdated=` paramEPSS 0.3%CVE-2026-23840CRITICALMovary vulnerable to Cross-site Scripting with `?categoryDeleted=` paramEPSS 0.2%CVE-2026-23841CRITICALMovary vulnerable to Cross-site Scripting with `?categoryCreated=` paramEPSS 0.2%CVE-2025-64115MEDIUMMovary unvalidated Referer header allows open redirect and phishingEPSS 0.2%CVE-2025-64116MEDIUMMovary vulnerable to an open redirectEPSS 0.2%