Every CVE whose affected-product data names Sick Media Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-49181 — CVSS 8.6 (high): Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker…
CVE-2025-49194 — CVSS 7.5 (high): The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to…
CVE-2025-49183 — CVSS 7.5 (high): All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver…
CVE-2025-49182 — CVSS 7.5 (high): Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get…
CVE-2025-49197 — CVSS 6.5 (medium): The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user…
CVE-2025-49195 — CVSS 5.3 (medium): The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and…
CVE-2025-49189 — CVSS 5.3 (medium): The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts…
CVE-2025-49192 — CVSS 4.3 (medium): The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a…
CVE-2025-49193 — CVSS 4.2 (medium): The application fails to implement several security headers. These headers help increase the overall security level of the web application…
CVE-2025-49198 — CVSS 3.1 (low): The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user…