Lucene search
+L

553 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.20 views

PT-2026-40967

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description A flaw in the Windows MDM management endpoint allows requests to be processed without proper client certificate validation. The endpoint relies on mutual TLS mTLS—a process where both the client and...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/02 6:42 p.m.2 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the Apple MDM profile delivery pipeline. An attacker can access or modify sensitive database contents, such as user credentials, API tokens, and device enrollment secrets, by sending a malicious UDID during the MDM...

8.6CVSS6.2AI score0.00197EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 6:42 p.m.10 views

GO-2026-4913 Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin in github.com/fleetdm/fleet

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin in github.com/fleetdm/fleet...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.8 views

PT-2026-29276

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

6.3CVSS5.8AI score0.00196EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/30 7:18 p.m.11 views

EUVD-2026-16756

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin...

8.7CVSS6AI score0.00318EPSS
Exploits0References2
OSV
OSV
added 2026/03/30 7:18 p.m.20 views

GHSA-9P23-P2M4-2R4M Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin

Summary A SQL Injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs v...

8.7CVSS6AI score0.00318EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/30 7:18 p.m.11 views

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin

Summary A SQL Injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs v...

8.8CVSS6AI score0.00318EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.5 views

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/27 8:24 p.m.4 views

Improper Check or Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions via the launcher endpoint when an authenticated host sends an unexpected log type value. An attacker can cause the server process to terminate immediately, disrupting all connected...

8.7CVSS5.9AI score0.00263EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 8:22 p.m.2 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 8:22 p.m.11 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 7:24 p.m.4 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the MDM bootstrap package configuration. An attacker can modify arbitrary team configurations, exfiltrate sensitive data from the database, and inject arbitrary content into team configurations by sending crafted API...

8.8CVSS6.1AI score0.00318EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/27 7:19 p.m.3 views

CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/03/27 7:19 p.m.26 views

CVE-2026-34391

CVE-2026-34391 concerns Fleet, an open‑source device management platform. A flaw in Fleet’s Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data (e.g., WiFi credentials, VPN secrets, ...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/27 7:19 p.m.5 views

EUVD-2026-16799

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 7:16 p.m.17 views

CVE-2026-34385

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/03/27 6:30 p.m.25 views

CVE-2026-34386

Fleet is open source device management software. Before 4.81.0, a SQL injection vulnerability in Fleet’s MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet da...

8.8CVSS6AI score0.00318EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/27 6:30 p.m.31 views

CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS0.00318EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 6:30 p.m.9 views

CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/27 6:29 p.m.2 views

CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS6AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder