Vulnerabilities > Emby

DATE CVE VULNERABILITY TITLE RISK
2023-08-05 CVE-2023-4167 Unspecified vulnerability in Emby Emby.Releases 4.7.13.0
A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic.
network
low complexity
emby
6.1
2023-06-28 CVE-2021-25827 Authentication Bypass by Spoofing vulnerability in Emby
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.
network
low complexity
emby CWE-290
critical
9.8
2023-06-28 CVE-2021-25828 Cross-site Scripting vulnerability in Emby
Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web.
network
low complexity
emby CWE-79
6.1
2023-05-30 CVE-2023-33193 HTTP Request Smuggling vulnerability in Emby Emby.Releases
Emby Server is a user-installable home media server which stores and organizes a user's media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices.
network
low complexity
emby CWE-444
critical
9.1
2022-12-16 CVE-2022-36223 Cross-site Scripting vulnerability in Emby 4.6.7.0
In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.
network
low complexity
emby CWE-79
6.1
2020-10-10 CVE-2020-26948 Server-Side Request Forgery (SSRF) vulnerability in Emby
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
network
low complexity
emby CWE-918
critical
9.8