5 matches found
Devolutions UniGetUI < 2026.2.1 Arbitrary Code Execution (DEVO-2026-0019)
The version of Devolutions UniGetUI installed on the remote host is 2026.2.0 or earlier. It is, therefore, affected by an arbitrary code execution vulnerability: - Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet...
CVE-2026-10696
Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...
CVE-2026-10696
CVE-2026-10696 affects Devolutions UniGetUI 2026.2.0 and earlier. The root cause is an incorrectly resolved name/reference in the pinget backend, which can allow a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog ...
EUVD-2026-37781
Use of an incorrectly resolved name or reference in the pinget backend in Devolutions UniGetUI 2026.2.0 and earlier allows a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog package and to execute an...
PT-2026-50524
Name of the Vulnerable Software and Affected Versions Devolutions UniGetUI versions prior to 2026.2.1 Description The pinget backend contains an issue where names or references are incorrectly resolved. This allows a WinGet community catalog contributor to correlate an installed application with ...