| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32275 | Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft | Tautulli | Tautulli | Medium | - | 2026-03-30 19:43:07 | Deep Dive |
| CVE-2026-31799 | Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters | Tautulli | Tautulli | Medium | 4.9 | 2026-03-30 19:42:57 | Deep Dive |
| CVE-2026-31831 | Tautulli: Unauthenticated Path Traversal in `/newsletter/image/images` endpoint | Tautulli | Tautulli | Medium | - | 2026-03-30 19:42:23 | Deep Dive |
| CVE-2026-31804 | Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server | Tautulli | Tautulli | Medium | 4.0 | 2026-03-30 19:42:10 | Deep Dive |
| CVE-2026-28505 | Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check | Tautulli | Tautulli | Medium | - | 2026-03-30 19:41:55 | Deep Dive |
| CVE-2025-58763 | Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection | Tautulli | Tautulli | High | 8.0 | 2025-09-09 20:13:45 | Deep Dive |
| CVE-2025-58762 | Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent | Tautulli | Tautulli | Critical | 9.1 | 2025-09-09 20:08:28 | Deep Dive |
| CVE-2025-58761 | Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy` | Tautulli | Tautulli | High | 8.6 | 2025-09-09 19:59:17 | Deep Dive |
| CVE-2025-58760 | Tautulli vulnerable to Unauthenticated Path Traversal in `/image` endpoint | Tautulli | Tautulli | High | 8.6 | 2025-09-09 19:56:58 | Deep Dive |