subsonic vulnerabilities and exploits
4.3
CVSSv2
CVE-2018-9282
An XSS issue exists in Subsonic Media Server 6.1.1. The podcast subscription form is affected by a stored XSS vulnerability in the add parameter to podcastReceiverAdmin.view; no administrator access is required. By injecting a JavaScript payload, this flaw could be used to manipu...
Subsonic Subsonic 6.1.1
4.3
CVSSv2
CVE-2018-1000664
daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in the HTTPS client that can result in any non-CA-signed server certificate, including self-signed and expired ones, being accepted by the client. This attack appea...
Dsub For Subsonic Project Dsub For Subsonic 5.4.1
7.8
CVSSv2
CVE-2008-2391
SubSonic allows remote malicious users to bypass pagesize limits and cause a denial of service (CPU consumption) via a pageindex (aka data page number) of -1.
Codeplex Subsonic
4.3
CVSSv2
CVE-2018-15898
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle malicious users to obtain interaction data.
Subsonic Music Streamer 4.4
NA
CVE-2023-51442
Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This exploit enables unauthorized access to any known account by utilizing a JSON We...
Navidrome Navidrome
5
CVSSv2
CVE-2021-21399
Ampache is a web based audio/video streaming application and file manager. Versions before 4.4.1 allow unauthenticated access to Ampache using the subsonic API. To successfully make the attack you must use a username that is not part of the site to bypass the auth checks. For mor...
Ampache Ampache