Lucene search
K

14 matches found

Cvelist
Cvelist
added 2026/06/30 2:32 p.m.44 views

CVE-2026-27883 Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the GET /api/v1/deployments/uuid endpoint allows any authenticated user to access deployment details belonging to any team, bypassing team-based authorization. The $teamId ...

5CVSS0.00213EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/26 8:30 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the GetPolicyByIDQueries process. An attacker can access policy data belonging to other teams by sending requests to the global policy read endpoint with valid credentials for any team, thereby bypassing...

5.3CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-53001

Name of the Vulnerable Software and Affected Versions Fleet DM affected versions not specified Description An issue exists in the global policy read endpoint GET /api/latest/fleet/policies/policy id where authorization is performed against an empty structure with a nil TeamID. This allows the...

4.3CVSS6AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/06 11:25 p.m.5 views

SUSE CVE-2026-29180

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...

8.8CVSS5.9AI score0.00315EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.5 views

CVE-2026-29180

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...

8.8CVSS6AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 8:24 p.m.3 views

GHSA-M2H6-4XPQ-QW3M A Fleet team maintainer can transfer hosts from any team via missing source team authorization

Summary A broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute...

7.1CVSS6AI score0.00315EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/27 8:24 p.m.5 views

EUVD-2026-16746

A Fleet team maintainer can transfer hosts from any team via missing source team authorization...

7.1CVSS5.8AI score0.00315EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/27 8:24 p.m.13 views

A Fleet team maintainer can transfer hosts from any team via missing source team authorization

Summary A broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control over the stolen hosts, including the ability to execute...

8.8CVSS6AI score0.00315EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/27 7:16 p.m.4 views

CVE-2026-29180

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...

8.8CVSS0.00315EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 6:27 p.m.25 views

CVE-2026-29180 Fleet's team maintainer can transfer hosts from any team via missing source team authorization

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...

7.1CVSS0.00315EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 6:27 p.m.5 views

CVE-2026-29180

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...

7.1CVSS6AI score0.00315EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 6:27 p.m.4 views

CVE-2026-29180 Fleet's team maintainer can transfer hosts from any team via missing source team authorization

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...

7.1CVSS6AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/03/27 6:27 p.m.21 views

CVE-2026-29180

Fleet is an open-source device management platform. Before version 4.81.1, a broken access control in Fleet’s host transfer API allows a team maintainer to transfer hosts from any team into their own, bypassing team isolation. Once transferred, the attacker gains full control over the stolen host...

8.8CVSS6AI score0.00315EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28387

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.1 Description Fleet is open source device management software. A broken access control vulnerability exists in the host transfer API. A team maintainer can transfer hosts from any team into their own team, bypassin...

8.8CVSS6AI score0.00619EPSS
Exploits2References46
Rows per page
Query Builder