VYPR
Vendor: Plexcor

Products: 3
CVEs: 16
Across products: 18
Status: Private

Recent CVEs (16)
  • CVE-2025-34101 | Critical | Jul 10, 2025
    risk 0.69 | cvss | epss 0.03

    An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed…

  • CVE-2020-36877 | Critical | Dec 5, 2025
    risk 0.60 | cvss | epss 0.01

    ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote…

  • CVE-2020-36876 | High | Dec 5, 2025
    risk 0.57 | cvss | epss 0.00

    ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and…

  • CVE-2021-4465 | High | Nov 14, 2025
    risk 0.57 | cvss | epss 0.00

    ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP…

  • CVE-2025-34158 | High | Aug 21, 2025
    risk 0.55 | cvss 8.5 | epss 0.01

    Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner (and a /api/resources call reveals other servers accessible by that server owner).

  • CVE-2014-9304 | Dec 7, 2014
    risk 0.04 | cvss | epss 0.08

    Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in…

  • CVE-2014-9181 | Dec 2, 2014
    risk 0.04 | cvss | epss 0.09

    Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to…

  • CVE-2020-36893 | Dec 10, 2025
    risk 0.01 | cvss | epss 0.01

    Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like…

  • CVE-2021-42835 | Dec 8, 2021
    risk 0.01 | cvss | epss 0.01

    An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foothold in an endpoint via a low-privileged user account) can access the exposed RPC service of the update service component. This RPC functionality allows the attacker to interact…

  • CVE-2025-69417 | Jan 2, 2026
    risk 0.00 | cvss | epss 0.00

    In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.

  • CVE-2025-69416 | Jan 2, 2026
    risk 0.00 | cvss | epss 0.00

    In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.

  • CVE-2025-69415 | Jan 2, 2026
    risk 0.00 | cvss | epss 0.00

    In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.

  • CVE-2025-69414 | Jan 2, 2026
    risk 0.00 | cvss | epss 0.00

    Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.

  • CVE-2024-4464 | Dec 18, 2024
    risk 0.00 | cvss | epss 0.01

    Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.

  • CVE-2021-33959 | Jan 18, 2023
    risk 0.00 | cvss | epss 0.15

    Plex Media Server 1.21 and before is vulnerable to a DDoS reflection attack via the Plex service.

  • CVE-2005-4480 | Dec 22, 2005
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.