7 matches found
CVE-2026-10696
CVE-2026-10696 affects Devolutions UniGetUI 2026.2.0 and earlier. The root cause is an incorrectly resolved name/reference in the pinget backend, which can allow a WinGet community catalog contributor to cause an installed application to be correlated to an unrelated, attacker-controlled catalog ...
PT-2026-50524
Name of the Vulnerable Software and Affected Versions Devolutions UniGetUI versions prior to 2026.2.1 Description The pinget backend contains an issue where names or references are incorrectly resolved. This allows a WinGet community catalog contributor to correlate an installed application with ...
Command Injection
Overview intake is a Data catalog, search and load Affected versions of this package are vulnerable to Command Injection via the catalog parsing when the shell syntax is used within parameter default values. An attacker can execute arbitrary commands on the host system by crafting a malicious...
CVE-2026-33310
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
CVE-2026-33310
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
GHSA-37G4-QQQV-7M99 Intake has a Command Injection via shell() Expansion in Parameter Defaults
Summary The shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command may be executed when the catalog source is accessed. This means that if a user loads a malicious...
PT-2026-26476
Name of the Vulnerable Software and Affected Versions Intake versions prior to 2.0.9 Description Intake is a package used for finding, investigating, loading, and disseminating data. A flaw exists where the shell syntax within parameter default values is automatically expanded during catalog...