Skip to main content

Qbittorrent

4 CVEs product

Monthly

CVE-2023-30801 CRITICAL Act Now

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qbittorrent
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2019-13640 CRITICAL POC Act Now

In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Qbittorrent
NVD GitHub
CVSS 3.0
9.8
EPSS
7.9%
CVE-2017-6504 MEDIUM PATCH This Month

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qbittorrent
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6503 MEDIUM PATCH This Month

WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Qbittorrent
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
EPSS 1% CVSS 9.8
CRITICAL Act Now

All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qbittorrent
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Qbittorrent
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qbittorrent
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Qbittorrent
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy