Product

tautulli

11 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-32275
>= 1.3.10 and < 2.17.0
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an un
9.1 CRITICAL
CVE-2026-31831
< 2.17.0
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/imag
7.5 HIGH
CVE-2026-31804
< 2.17.0
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpo
4.0 MEDIUM
CVE-2026-31799
>= 2.1.0 and < 2.17.0
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for pa
4.9 MEDIUM
CVE-2026-28505
< 2.17.0
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval() function in
10.0 CRITICAL
CVE-2025-58763
< 2.16.0
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15
8.0 HIGH
CVE-2025-58762
< 2.16.0
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with a
9.1 CRITICAL
CVE-2025-58761
< 2.16.0
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The real_pms_image_proxy endpoint in Tautulli v2.
8.6 HIGH
CVE-2025-58760
< 2.16.0
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The /image API endpoint in Tautulli v2.15.3 and e
8.6 HIGH
CVE-2019-19833
all versions
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can
6.5 MEDIUM
CVE-2019-8939
all versions
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing t
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin