VYPR
Vendor

Serviio

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2025-34101CriJul 10, 2025
    risk 0.64cvss epss 0.03

    An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed…

  • CVE-2017-20218HigMar 16, 2026
    risk 0.51cvss 7.8epss 0.00

    Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full…

  • CVE-2017-20220HigMar 16, 2026
    risk 0.49cvss 7.5epss 0.00

    Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without…

  • CVE-2017-20217HigMar 16, 2026
    risk 0.49cvss 7.5epss 0.01

    Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API…

  • CVE-2017-20219MedMar 16, 2026
    risk 0.40cvss 6.1epss 0.00

    Serviio PRO 1.8 DLNA Media Streaming Server contains a DOM-based cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads. Attackers can craft URLs with malicious input that is read from document.location…