Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Tautulli — Vulnerabilities & Security Advisories 9

All 9 CVE vulnerabilities found in Tautulli, with AI-generated Chinese analysis, references, and POCs.

Vendor: Tautulli

CVE IDTitleCVSSSeverityPublished
CVE-2026-32275 Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft CWE-79 7.6 -2026-03-30
CVE-2026-31799 Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters CWE-89 4.9 Medium2026-03-30
CVE-2026-31831 Tautulli: Unauthenticated Path Traversal in `/newsletter/image/images` endpoint CWE-23 7.5 -2026-03-30
CVE-2026-31804 Tautulli: Unauthenticated pms_image_proxy endpoint proxies arbitrary HTTP requests through the Plex Media Server CWE-918 4.0 Medium2026-03-30
CVE-2026-28505 Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check CWE-94 9.8 -2026-03-30
CVE-2025-58763 Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection CWE-78 8.1 High2025-09-09
CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent CWE-73 9.1 Critical2025-09-09
CVE-2025-58761 Tautulli vulnerable to Unauthenticated Path Traversal in `real_pms_image_proxy` CWE-27 8.6 High2025-09-09
CVE-2025-58760 Tautulli vulnerable to Unauthenticated Path Traversal in `/image` endpoint CWE-23 8.6 High2025-09-09

All 9 known CVE vulnerabilities affecting Tautulli with full Chinese analysis, references, and POCs where available.