VYPR

Romm

by Rommapp

CVEs (5)

  • CVE-2025-54071 · Cri · Jul 21, 2025
    risk 0.54 · cvss · epss 0.01

    RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code…

  • CVE-2025-53908 · Hig · Jul 16, 2025
    risk 0.47 · cvss · epss 0.00

    RomM is a self-hosted ROM manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone who is running the latest version of RomM and has multiple users, even unprivileged users, such as the kiosk…

  • CVE-2025-65027 · Dec 3, 2025
    risk 0.03 · cvss · epss 0.00

    RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files…

  • CVE-2025-65097 · Dec 3, 2025
    risk 0.00 · cvss · epss 0.00

    RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an authenticated user can delete collections belonging to other users by directly sending a DELETE request to the…

  • CVE-2025-65096 · Dec 3, 2025
    risk 0.00 · cvss · epss 0.00

    RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via…