Vulnerabilities > Qbittorrent > Qbittorrent > 1.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-10 | CVE-2023-30801 | Use of Hard-coded Credentials vulnerability in Qbittorrent All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. | 9.8 |
| 2019-07-17 | CVE-2019-13640 | OS Command Injection vulnerability in Qbittorrent In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed. | 9.8 |
| 2017-03-06 | CVE-2017-6504 | Improper Input Validation vulnerability in Qbittorrent WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. | 4.3 |
| 2017-03-06 | CVE-2017-6503 | Cross-site Scripting vulnerability in Qbittorrent WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | 4.3 |