Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25586 | 1 Deluge-torrent | 1 Deluge | 2026-03-22 | 6.2 Medium |
| Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash. | ||||
| CVE-2019-25585 | 1 Deluge-torrent | 1 Deluge | 2026-03-22 | 6.2 Medium |
| Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Webseeds field. Attackers can paste a buffer of 5000 bytes into the Webseeds field during torrent creation to trigger an application crash. | ||||
| CVE-2017-7178 | 2 Debian, Deluge-torrent | 2 Debian Linux, Deluge | 2025-04-20 | 8.8 High |
| CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin. | ||||
| CVE-2017-9031 | 1 Deluge-torrent | 1 Deluge | 2025-04-20 | N/A |
| The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file. | ||||
| CVE-2021-3427 | 1 Deluge-torrent | 1 Deluge | 2024-11-21 | 6.1 Medium |
| The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session. | ||||
Page 1 of 1.