Lucene search
K

610 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 5:40 p.m.2 views

CVE-2026-27806 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...

7.8CVSS6AI score0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 5:40 p.m.21 views

CVE-2026-27806 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...

7.8CVSS0.00111EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 5:40 p.m.22 views

CVE-2026-27806

Fleet Orbit is affected prior to version 4.81.1 where the Orbit agent’s FileVault rotation flow collects a local user’s password through a GUI dialog and interpolates it into a Tcl/expect script executed via exec.Command("expect", "-c", script). The password is inserted into a Tcl brace-quoted se...

7.8CVSS6AI score0.00111EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.10 views

PT-2026-31406

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.1 Description The Orbit agent’s FileVault disk encryption key rotation flow collects a local user’s password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect",...

7.8CVSS6AI score0.00111EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/02/02 8:36 p.m.7 views

WordPress Orbit Fox by ThemeIsle plugin <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via form widget addr2width attribute vulnerability discovered by wesley wcraft in WordPress Plugin Orbit Fox by ThemeIsle versions = 2.10.30...

6.4CVSS7.1AI score0.00532EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/07 9:15 a.m.15 views

CVE-2024-2126

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References1
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
Snyk
Snyk
added 2025/11/24 4:24 p.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

9.8CVSS6.8AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 3:4 p.m.7 views

Malicious code in orbit-boxicons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bafb55d5f4d1082ed8b15fdeefee0570d3d86fe8b2a13bd046fd62abce85c18 The package orbit-boxicons was found to contain malicious code. Source: ghsa-malware b738b9c09b7dc6b9fd5de0bd3a6006ea4931482eaf62228b6837997f0a625b2b...

6.9AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 3:4 p.m.3 views

EUVD-2025-198822

Malicious code in orbit-boxicons npm...

6.6AI score
Exploits0References4
OSV
OSV
added 2025/11/24 3:4 p.m.4 views

MAL-2025-190854 Malicious code in orbit-boxicons (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bafb55d5f4d1082ed8b15fdeefee0570d3d86fe8b2a13bd046fd62abce85c18 The package orbit-boxicons was found to contain malicious code. Source: ghsa-malware b738b9c09b7dc6b9fd5de0bd3a6006ea4931482eaf62228b6837997f0a625b2b...

6.8AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 2:41 p.m.2 views

EUVD-2025-198821

Malicious code in orbit-soap npm...

6.6AI score
Exploits0References4
OSV
OSV
added 2025/11/24 2:41 p.m.4 views

MAL-2025-190855 Malicious code in orbit-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34962586ab6b1dda417a71f777d710ef91eadfbdaf81c32d957e9ed8163e4a3e The package orbit-soap was found to contain malicious code. Source: ghsa-malware 3907aa266d3bd43dbf2a9fdfa8673313f17448ecfcd226e4d4a3e5c572d20662 Any...

6.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 2:41 p.m.7 views

Malicious code in orbit-soap (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34962586ab6b1dda417a71f777d710ef91eadfbdaf81c32d957e9ed8163e4a3e The package orbit-soap was found to contain malicious code. Source: ghsa-malware 3907aa266d3bd43dbf2a9fdfa8673313f17448ecfcd226e4d4a3e5c572d20662 Any...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 1:46 p.m.3 views

MAL-2025-190786 Malicious code in typeorm-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ef9bad1469b974150720a17445c8403c0b0cd2bd2dbb393948afc47f102f95 The package typeorm-orbit was found to contain malicious code. Source: ghsa-malware a8e95331758f44ad97cde664359ec7ba72c0ad0c10caeaf02926a6007d23bb7f...

6.8AI score
Exploits0References4
EUVD
EUVD
added 2025/11/24 1:46 p.m.2 views

EUVD-2025-198762

Malicious code in typeorm-orbit npm...

6.6AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 1:46 p.m.7 views

Malicious code in typeorm-orbit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ef9bad1469b974150720a17445c8403c0b0cd2bd2dbb393948afc47f102f95 The package typeorm-orbit was found to contain malicious code. Source: ghsa-malware a8e95331758f44ad97cde664359ec7ba72c0ad0c10caeaf02926a6007d23bb7f...

6.9AI score
Exploits0References4
OSV
OSV
added 2025/11/24 1:46 p.m.2 views

MAL-2025-190777 Malicious code in orbit-nebula-editor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39053d1e21106bb38ff0f67ad92e018d3e94dd368d8a9df7df45391acd94b852 The package orbit-nebula-editor was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References4
Rows per page
Query Builder