610 matches found
CVE-2026-27806 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit
Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...
CVE-2026-27806 Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit
Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect", "-c", script. Because the...
CVE-2026-27806
Fleet Orbit is affected prior to version 4.81.1 where the Orbit agent’s FileVault rotation flow collects a local user’s password through a GUI dialog and interpolates it into a Tcl/expect script executed via exec.Command("expect", "-c", script). The password is inserted into a Tcl brace-quoted se...
PT-2026-31406
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.1 Description The Orbit agent’s FileVault disk encryption key rotation flow collects a local user’s password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command"expect",...
WordPress Orbit Fox by ThemeIsle plugin <= 2.10.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via form widget addr2_width attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via form widget addr2width attribute vulnerability discovered by wesley wcraft in WordPress Plugin Orbit Fox by ThemeIsle versions = 2.10.30...
CVE-2024-2126
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in orbit-boxicons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bafb55d5f4d1082ed8b15fdeefee0570d3d86fe8b2a13bd046fd62abce85c18 The package orbit-boxicons was found to contain malicious code. Source: ghsa-malware b738b9c09b7dc6b9fd5de0bd3a6006ea4931482eaf62228b6837997f0a625b2b...
EUVD-2025-198822
Malicious code in orbit-boxicons npm...
MAL-2025-190854 Malicious code in orbit-boxicons (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2bafb55d5f4d1082ed8b15fdeefee0570d3d86fe8b2a13bd046fd62abce85c18 The package orbit-boxicons was found to contain malicious code. Source: ghsa-malware b738b9c09b7dc6b9fd5de0bd3a6006ea4931482eaf62228b6837997f0a625b2b...
EUVD-2025-198821
Malicious code in orbit-soap npm...
MAL-2025-190855 Malicious code in orbit-soap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34962586ab6b1dda417a71f777d710ef91eadfbdaf81c32d957e9ed8163e4a3e The package orbit-soap was found to contain malicious code. Source: ghsa-malware 3907aa266d3bd43dbf2a9fdfa8673313f17448ecfcd226e4d4a3e5c572d20662 Any...
Malicious code in orbit-soap (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34962586ab6b1dda417a71f777d710ef91eadfbdaf81c32d957e9ed8163e4a3e The package orbit-soap was found to contain malicious code. Source: ghsa-malware 3907aa266d3bd43dbf2a9fdfa8673313f17448ecfcd226e4d4a3e5c572d20662 Any...
MAL-2025-190786 Malicious code in typeorm-orbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ef9bad1469b974150720a17445c8403c0b0cd2bd2dbb393948afc47f102f95 The package typeorm-orbit was found to contain malicious code. Source: ghsa-malware a8e95331758f44ad97cde664359ec7ba72c0ad0c10caeaf02926a6007d23bb7f...
EUVD-2025-198762
Malicious code in typeorm-orbit npm...
Malicious code in typeorm-orbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ef9bad1469b974150720a17445c8403c0b0cd2bd2dbb393948afc47f102f95 The package typeorm-orbit was found to contain malicious code. Source: ghsa-malware a8e95331758f44ad97cde664359ec7ba72c0ad0c10caeaf02926a6007d23bb7f...
MAL-2025-190777 Malicious code in orbit-nebula-editor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39053d1e21106bb38ff0f67ad92e018d3e94dd368d8a9df7df45391acd94b852 The package orbit-nebula-editor was found to contain malicious code. Source: ghsa-malware...