
7 matches found

Snyk
added 2026/05/14 9:24 p.m. | 4 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

7.5 CVSS | 5.7 AI score | 0.00083 EPSS
Exploits 0 | References 2

Snyk
added 2026/05/14 9:22 p.m. | 3 views

User Impersonation

Overview: Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

6.9 CVSS | 5.7 AI score | 0.00126 EPSS
Exploits 0 | References 2

Snyk
added 2026/02/26 6:18 a.m. | 1 views

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Google Calendar integration configuration response in the app config endpoint. An attacker can retrieve the service account’s API key JSON including private key material by...

7.1 CVSS | 6 AI score | 0.00058 EPSS
Exploits 0 | References 2

Snyk
added 2026/02/26 6:18 a.m. | 2 views

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview: Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) due to the use of a predictable algorithm for generating device lock and wipe PINs based solely on the current Unix timestamp. An attacker can gain unauthorized access to...

5.5 CVSS | 6 AI score | 0.00023 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/02/26 2:54 a.m. | 4 views

CVE-2026-27465

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

6.5 CVSS | 5.5 AI score | 0.00058 EPSS
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/02/26 2:54 a.m. | 2 views

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

5.3 CVSS | 5.5 AI score | 0.00058 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/02/26 12:5 a.m. | 3 views

CVE-2026-26186

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

8.8 CVSS | 6 AI score | 0.0006 EPSS
Exploits 0 | References 2 | Affected Software 1