Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
plex vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3094
Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific fun...
Tukaani Xz 5.6.1
Tukaani Xz 5.6.0
71 Github repositories
4 Articles
NA
CVE-2021-33959
Plex media server 1.21 and before is vulnerable to ddos reflection attack via plex service.
Plex Media Server
1 Github repository
6.9
CVSSv2
CVE-2021-42835
An issue exists in Plex Media Server up to and including 1.24.4.5081-e362dc1ee. An attacker (with a foothold in a endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the malicious user to in...
Plex Media Server
1 Github repository
6.8
CVSSv2
CVE-2020-5742
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.
Plex Media Server
6.5
CVSSv2
CVE-2020-5741
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated malicious user to execute arbitrary Python code.
Plex Media Server
7.2
CVSSv2
CVE-2020-5740
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated malicious user to execute arbitrary Python code with SYSTEM privileges.
Plex Media Server
6.5
CVSSv2
CVE-2019-19141
The Camera Upload functionality in Plex Media Server up to and including 1.18.2.2029 allows remote authenticated users to write files anywhere the user account running the Plex Media Server has permissions. This allows remote code execution via a variety of methods, such as (on a...
Plex Media Server
4
CVSSv2
CVE-2018-21031
Tautulli versions 2.1.38 and below allows remote malicious users to bypass intended access control in Plex Media Server because the X-Plex-Token is mishandled and can be retrieved from Tautulli. NOTE: Initially, this id was associated with Plex Media Server 1.18.2.2029-36236cc4c ...
Plex Media Server 1.18.2.2029-36236cc4c
4.3
CVSSv2
CVE-2019-8939
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.
Tautulli Tautulli 2.1.26
7.5
CVSSv2
CVE-2018-13415
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same perm...
Plex Media Server 1.13.2.5154
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »