9 matches found
PT-2026-44117
Name of the Vulnerable Software and Affected Versions Microsoft UFO versions prior to 3.0.1 Description An OS command injection issue exists in the shell action replay path. The functions ShellReceiver.run shell and ShellReceiver.execute command pass command strings from action parameters directl...
SUSE CVE-2026-30225
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low-privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30225
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30225
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30225 OliveTin: RestartAction always runs actions as guest
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30225 OliveTin: RestartAction always runs actions as guest
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30225
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new...
CVE-2026-30225
CVE-2026-30225 (OliveTin) : An authentication context confusion in RestartAction prior to 3000.11.1 allows a low-privileged authenticated user to bypass ACLs and execute privileged shell actions via a synthetic request that loses the original caller’s authentication headers, causing the resolver ...
OliveTin's RestartAction always runs actions as guest
Summary An authentication context confusion vulnerability in RestartAction allows a low‑privileged authenticated user to execute actions they are not permitted to run. RestartAction constructs a new internal connect.Request without preserving the original caller’s authentication headers or cookie...