GHSA-VXM7-9X8V-8GM4 Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint
Summary A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets (nodekey, orbitnodekey) through a cursor-based binary search oracle. The endpoint accepted a user-supplied orderkey parameter that w...
CVE-2026-35032
Jellyfin is an open-source, self-hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery (SSRF) via HTTP...
CVE-2018-6328
It was discovered that the Unitrends Backup (UB) user interface before 10.1.0 was exposed to an authentication bypass, which could then allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes...
PT-2013-4890 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.2.2. Description: The issue is related to improper access restriction to hosts in the Foreman application. This allows remote attackers to access arbitrary hosts via an API request to the /api/v1/hosts endpoint, whi...