4 matches found
Devolutions UniGetUI < 2026.2.1 Arbitrary Code Execution (DEVO-2026-0019)
The version of Devolutions UniGetUI installed on the remote host is 2026.2.0 or earlier. It is, therefore, affected by an arbitrary code execution vulnerability: - Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet...
CVE-2026-10696
Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...
CVE-2026-10696
CVE-2026-10696 affects Devolutions UniGetUI 2026.2.0 and earlier. The root cause is an incorrectly resolved name/reference in the pinget backend, which can allow a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog ...
EUVD-2026-37781
Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...