emby

Top products

The 15 most recently published vulnerabilities affecting emby.

• CVE-2025-64113Emby Server allows attackers to gain administrative server access without preconditions9.8Dec 9, 2025
• CVE-2025-64325Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard9.0Nov 18, 2025
• CVE-2025-46391CWE-284: Improper Access Control6.5Aug 6, 2025
• CVE-2025-46390CWE-204: Observable Response Discrepancy7.5Aug 6, 2025
• CVE-2025-46389CWE-620: Unverified Password Change6.5Aug 6, 2025
• CVE-2025-46388CWE-200 Exposure of Sensitive Information to an Unauthorized Actor4.3Aug 6, 2025
• CVE-2025-46387CWE-639 Authorization Bypass Through User-Controlled Key8.8Aug 6, 2025
• CVE-2025-46386CWE-639 Authorization Bypass Through User-Controlled Key8.8Aug 6, 2025
• CVE-2025-46385CWE-918 Server-Side Request Forgery (SSRF)8.6Jul 20, 2025
• CVE-2025-46384CWE-434 Unrestricted Upload of File with Dangerous Type8.8Jul 20, 2025
• CVE-2025-46383CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')6.1Jul 20, 2025
• CVE-2023-4167Media Browser Emby Server cross site scripting3.5Aug 5, 2023
• CVE-2021-25827Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address.9.8Jun 28, 2023
• CVE-2021-25828Emby Server versions < 4.6.0.50 is vulnerable to Cross Site Scripting (XSS) vulnerability via a crafted GET request to /web.6.1Jun 28, 2023
• CVE-2023-33193Emby Server Proxy Header Spoofing Vulnerability9.1May 30, 2023