595 matches found
CVE-2026-27806
Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on macOS collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command("expect", "-c", script). Because the...
Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit
Summary: The Orbit agent's FileVault disk encryption key rotation flow on macOS collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command("expect", "-c", script). Because the password is inserted into Tcl brace-quoted send {%s}, a...
GHSA-RPHV-H674-5HP2 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit
Summary: The Orbit agent's FileVault disk encryption key rotation flow on macOS collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command("expect", "-c", script). Because the password is inserted into Tcl brace-quoted send {%s}, a...
EUVD-2026-20540
Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit...
CVE-2026-27806
Fleet Orbit is affected prior to version 4.81.1 where the Orbit agent’s FileVault rotation flow collects a local user’s password through a GUI dialog and interpolates it into a Tcl/expect script executed via exec.Command("expect", "-c", script). The password is inserted into a Tcl brace-quoted se...
CVE-2026-27806 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit
Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on macOS collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command("expect", "-c", script). Because the...
PT-2026-31406
Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on macOS collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command("expect", "-c", script). Because the...
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability discovered by wesley wcraft in WordPress Plugin Orbit Fox by ThemeIsle versions <= 2.10.30...
CVE-2024-2126
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
EUVD-2025-198822
Malicious code in orbit-boxicons (npm)...
Malicious code in orbit-boxicons (npm)
Source: amazon-inspector 2bafb55d5f4d1082ed8b15fdeefee0570d3d86fe8b2a13bd046fd62abce85c18 The package orbit-boxicons was found to contain malicious code. Source: ghsa-malware b738b9c09b7dc6b9fd5de0bd3a6006ea4931482eaf62228b6837997f0a625b2b...
MAL-2025-190854 Malicious code in orbit-boxicons (npm)
Source: amazon-inspector 2bafb55d5f4d1082ed8b15fdeefee0570d3d86fe8b2a13bd046fd62abce85c18 The package orbit-boxicons was found to contain malicious code. Source: ghsa-malware b738b9c09b7dc6b9fd5de0bd3a6006ea4931482eaf62228b6837997f0a625b2b...
EUVD-2025-198821
Malicious code in orbit-soap (npm)...
Malicious code in orbit-soap (npm)
Source: amazon-inspector 34962586ab6b1dda417a71f777d710ef91eadfbdaf81c32d957e9ed8163e4a3e The package orbit-soap was found to contain malicious code. Source: ghsa-malware 3907aa266d3bd43dbf2a9fdfa8673313f17448ecfcd226e4d4a3e5c572d20662 Any...