Cve

Three Security Findings in Tautulli: SSRF, JSONP Injection, and SQL Injection
Three Security Findings …

Background

Tautulli is a Python/CherryPy web application that sits alongside your Plex Media Server and gives you statistics, notifications, and monitoring for everything happening on your server. It is one of the most popular self-hosted Plex companion apps, and a lot of people run it exposed on …

March 27, 2026 Read
Unauthenticated SSRF in RustDesk Lets Anyone Port-Scan Your Internal Network
Unauthenticated SSRF in …

Background

RustDesk is an open-source remote desktop tool written in Rust. It is basically the self-hosted alternative to TeamViewer or AnyDesk, and it has gotten pretty popular because you can run your own relay and rendezvous server. That self-hosted server model is actually the interesting part …

March 6, 2026 Read
Finding an Authentication Bypass and Credential Disclosure in Seerr Using Claude and Bitwarden's AI Security Plugins
Finding an Authentication …

Background

I’ve been running Seerr at home for a while now. It’s a self-hosted media request manager, forked from Jellyseerr/Overseerr, and it’s the kind of app that gets exposed to the internet pretty regularly since family members need to be able to submit requests. That always …

February 27, 2026 Read