Vulnerabilities (CVE)

Filtered by vendor Last.fm Subscribe
Filtered by product Last.fm Desktop
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19251 1 Last.fm 1 Last.fm Desktop 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.