CVE-2024-36814 - Adguard Home Arbitrary File Read

Adguard Home Arbitrary File Read TL;DR - Adguard Home deployments using versions 0.107.52 or lower are vulnerable to Arbitrary File Read which allowed a local authenticated user to target privilege...

Oct 6, 2024 CVE, Arbitrary File Read

CVE-2024-43801 - Jellyfin XSS

Jellyfin XSS TL;DR - Jellyfin deployments using versions 10.9.9 or lower are vulnerable to stored XSS which allowed privilege escalation to a platform administrator and ultimately to arbitrary cod...

Sep 1, 2024 CVE, XSS

CVE-2024-41808 - Unauthenticated log injection to account takeover

OpenObserve vulnerability chain TL;DR - OpenObserve deployments using version 0.9.1 or lower are vulnerable to the following privilege escalation chain: A malicious user submits logs via a serv...

Aug 4, 2024 CVE, Log Injection

CVE-2024-30931 - Emby XSS

Emby Media Server XSS TL;DR - Whilst playing with Emby Media Server 4.8.3.0, we found stored XSS and, due to other security configurations in the platform, we were able to craft a payload that res...

Jun 19, 2024 CVE, XSS