lufinkey

1 exploit Active since Aug 2025
CVE-2025-34158 WRITEUP HIGH WRITEUP
Plex Media Server <1.42.1 - Info Disclosure
Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner (and a /api/resources call reveals other servers accessible by that server owner).
CVSS 8.5