Lucene search

9 matches found

SUSE CVE
added 2026/04/06 11:24 p.m. | 1 view

SUSE CVE-2026-34385

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

CVSS 8.6 | AI score 5.9 | EPSS 0.00009
Exploits: 0 | References: 3
SUSE CVE
added 2026/03/25 12:27 a.m. | 1 view

SUSE CVE-2026-26186

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

CVSS 8.8 | AI score 6.2 | EPSS 0.0006
Exploits: 0 | References: 3
CVE
added 2026/02/26 2:43 a.m. | 9 views

CVE-2026-24004

CVE-2026-24004 affects Fleet open source device management software prior to 4.80.1. The issue is in Android MDM Pub/Sub handling, allowing unauthenticated requests to trigger unenrollment events, potentially removing individual Android devices from Fleet management. Impact is disruption of Andro...

CVSS 6.3 | AI score 5.6 | EPSS 0.00103
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/02/26 12:5 a.m. | 19 views

CVE-2026-26186 Fleet has a SQL injection via backtick escape in ORDER BY parameter

Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input...

CVSS 7.2 | EPSS 0.0006
Exploits: 0 | References: 1
CVE
added 2025/12/31 1:18 p.m. | 6 views

CVE-2025-62149

CVE-2025-62149 concerns the WordPress plugin “Add Custom Codes” (affected: versions up to 4.80) with an authenticated Stored XSS vulnerability. The Wordfence entry labels it as an issue exploitable by an authenticated user with the Author role, via input during web page generation. The provided d...

CVSS 5.9 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 1
EUVD
added 2025/12/09 6:30 p.m. | 2 views

EUVD-2025-202021

Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery. This issue affects Add Custom Codes: from n/a through <= 4.80...

AI score 6.3 | EPSS 0.00015
Exploits: 0 | References: 2
Cvelist
added 2025/12/09 2:52 p.m. | 22 views

CVE-2025-62739 WordPress Add Custom Codes plugin <= 4.80 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Cross Site Request Forgery. This issue affects Add Custom Codes: from n/a through <= 4.80...

CVSS 6.5 | EPSS 0.00015
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 10:37 a.m. | 5 views

CVE-2024-47530

Scout is a web-based visualizer for VCF files. An open redirect vulnerability allows phishing attacks on users by redirecting them to a malicious page. The /login API endpoint is vulnerable to an open redirect attack via the next parameter due to the absence of sanitization logic. Additionally, due to lac...

CVSS 6.1 | AI score 6.5 | EPSS 0.00162
Exploits: 1
Snyk
added 2020/05/28 11:35 a.m. | 2 views

Arbitrary File Read

Overview: snyk-broker is a package that proxies access between snyk.io and your Git repositories, such as GitHub Enterprise, GitHub.com and Bitbucket Server. Snyk Broker can also be used to enable a secure connection with your on-premise Jira deployment. Affected versions of this package are...

CVSS 6.5 | AI score 6.9 | EPSS 0.00406
Exploits: 0 | References: 2