VYPR

Moviepilot

by Jxxghp

Source repositories

CVEs (2)

  • CVE-2026-11416HigJun 5, 2026
    risk 0.46cvss 8.1epss 0.00

    MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download directory with a filename taken directly from remote cloud API metadata…

  • CVE-2026-10107HigMay 29, 2026
    risk 0.43cvss 7.7epss 0.00

    MoviePilot v2 contains a server-side request forgery vulnerability in the image proxy endpoint that allows authenticated attackers to request arbitrary URLs by supplying a resource_token cookie and a URL whose domain matches the assembled allowlist. Attackers can bypass internal…