CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2 days ago•5 views

EUVD-2025-210017

5.9AI score0.00007EPSS

NVD•added 3 days ago•4 views

CVE-2025-48652

7.8CVSS0.00007EPSS

OSV•added 3 days ago•2 views

ASB-A-452042097

7.8CVSS5.9AI score0.00007EPSS

NVD•added 2026/05/14 8:17 p.m.•3 views

CVE-2026-24899

Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not...

8.2CVSS0.00017EPSS

EUVD•added 2026/05/14 6:58 p.m.•4 views

EUVD-2026-30374

8.2CVSS5.8AI score0.00017EPSS

EUVD•added 2026/05/14 6:48 p.m.•5 views

EUVD-2026-30368

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled...

8.2CVSS5.8AI score0.00011EPSS

OSV•added 2026/05/14 1:13 p.m.•4 views

GHSA-FFG9-J72F-J6XM Fleet Windows MDM Azure AD JWT Authentication Bypass

Summary A vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the aud audience or iss issuer claims, any Microsoft-signed...

8.2CVSS5.8AI score0.00017EPSS

Exploits0References4

OSV•added 2026/05/14 1:13 p.m.•3 views

GHSA-2RC4-7JC6-QFFH Fleet has a Windows MDM management endpoint authentication bypass

Summary A vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Impact...

8.2CVSS5.8AI score0.00011EPSS

Exploits0References4

CNNVD•added 2026/05/14 12:0 a.m.•4 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, and MDM operations. Versions of Fleet prior to 4.82.0 contained security...

8.2CVSS5.8AI score0.00017EPSS

Talos Blog•added 2026/04/21 10:0 a.m.•2 views

Bad Apples: Weaponizing native macOS primitives for movement and execution

As macOS adoption grows among developers and DevOps, it has become a high value target; however, native "living-off-the-land" LOTL techniques for the platform remain significantly under-documented compared to Windows. Adversaries can bypass security controls by repurposing native features like...

6.9AI score

Exploits0

The Hacker News•added 2026/04/11 6:2 a.m.•7 views

Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies...

5.8AI score

Exploits0

Positive Technologies•added 2026/04/02 12:0 a.m.•1 views

PT-2026-29953

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin in github.com/fleetdm/fleet...

8.8CVSS6AI score0.00016EPSS

Exploits0References3

RedhatCVE•added 2026/03/28 11:10 p.m.•1 views

CVE-2026-34385

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS6AI score0.00009EPSS

Snyk•added 2026/03/27 8:22 p.m.•3 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

Snyk•added 2026/03/27 8:22 p.m.•4 views

Exposure of Data Element to Wrong Session

Snyk•added 2026/03/27 8:22 p.m.•1 views

Exposure of Data Element to Wrong Session

Snyk•added 2026/03/27 8:22 p.m.•1 views

Exposure of Data Element to Wrong Session

Snyk•added 2026/03/27 7:24 p.m.•3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the MDM bootstrap package configuration. An attacker can modify arbitrary team configurations, exfiltrate sensitive data from the database, and inject arbitrary content into team configurations by sending crafted API...

8.8CVSS6.1AI score0.00016EPSS

Cvelist•added 2026/03/27 7:19 p.m.•19 views

CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

8.7CVSS0.00028EPSS