CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/15 8:13 p.m.•29 views

CVE-2026-48709 OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration

3.7CVSS0.00328EPSS

Vulnrichment•added 2026/06/15 7:59 p.m.•8 views

CVE-2026-48708 OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance tpl package-level variable in service/internal/tpl/templates.go across all goroutines. Every action execution calls...

7.5CVSS5.7AI score0.00401EPSS

RedHat Linux•added 2026/05/20 2:0 p.m.•16 views

kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit

In the Linux kernel, the following vulnerability has been resolved: net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit The following setup can trigger a WARNING in htbactivate due to the condition: !cl-leaf.q-q.qlen tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb...

7.8CVSS6.6AI score0.00168EPSS

Exploits0References5

Patchstack•added 2026/04/13 2:13 p.m.•7 views

WordPress GeoDirectory plugin <= 2.8.152 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Tin Pham aka TF1T in WordPress Plugin GeoDirectory versions = 2.8.152...

6AI score0.00283EPSS

Exploits0Affected Software1

SUSE CVE•added 2026/03/25 12:25 a.m.•5 views

SUSE CVE-2026-30233

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

6.5CVSS5.9AI score0.00417EPSS

OSV•added 2026/03/12 8:57 p.m.•3 views

GO-2026-4670 OliveTin's unsafe parsing of UniqueTrackingId can be used to write files in github.com/OliveTin/OliveTin

OliveTin's unsafe parsing of UniqueTrackingId can be used to write files in github.com/OliveTin/OliveTin...

8.5CVSS5.8AI score0.00712EPSS

Exploits1References4

Snyk•added 2026/03/12 2:20 p.m.•4 views

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the typeSafetyCheckEmail function. An attacker can inject arbitrary log entries and expose sensitive information by submitting specially crafted email addresses containing newline or...

6.9CVSS5.8AI score

Vulnrichment•added 2026/03/11 8:5 p.m.•2 views

CVE-2026-32102 OliveTin Unauthorized Action Output Disclosure via EventStream

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can...

7.1CVSS5.9AI score0.00431EPSS

Cvelist•added 2026/03/11 8:5 p.m.•26 views

CVE-2026-32102 OliveTin Unauthorized Action Output Disclosure via EventStream

7.1CVSS0.00431EPSS

Circl•added 2026/03/10 11:51 p.m.•6 views

CVE-2026-32102

creationtimestamp| type| source ---|---|--- 2026-03-10 23:51:09+00:00| published-proof-of-concept| https://github.com/OliveTin/OliveTin/security/advisories/GHSA-228v-wc5r-j8m7...

7.1CVSS7.2AI score0.00431EPSS

ATTACKERKB•added 2026/03/10 9:8 p.m.•4 views

CVE-2026-31817

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature is enabled, OliveTin persists execution log entries to disk. The filename used for these log files is constructed in part from the user-supplied UniqueTrackingId field in the...

8.5CVSS6AI score0.00712EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/10 9:8 p.m.•2 views

CVE-2026-31817 OliveTin has unsafe parsing of UniqueTrackingId can be used to write files

8.5CVSS6AI score0.00712EPSS

RedhatCVE•added 2026/03/08 1:44 a.m.•5 views

CVE-2026-30233

6.5CVSS5.8AI score0.00417EPSS

NVD•added 2026/03/06 9:16 p.m.•4 views

CVE-2026-30223

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentication is configured using either "authJwtPubKeyPath" local RSA public key or "authJwtHmacSecret" HMAC secret, the configured audience value authJwtAud is not enforced during toke...

8.8CVSS0.00301EPSS

Cvelist•added 2026/03/06 9:5 p.m.•18 views

CVE-2026-30233 OliveTin: View permission not being checked when returning dashboards

6.5CVSS0.00417EPSS

ATTACKERKB•added 2026/03/06 9:1 p.m.•5 views

CVE-2026-30223

8.8CVSS5.8AI score0.00301EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/03/06 9:1 p.m.•4 views

CVE-2026-30224 OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not revoke server-side sessions when a user logs out. Although the browser cookie is cleared, the corresponding session remains valid in server storage until expiry default ≈ 1 year...

5.4CVSS5.7AI score0.00302EPSS

Snyk•added 2026/03/05 9:24 p.m.•1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the dashboard and API endpoints. An attacker can access sensitive action metadata, including titles, IDs, icons, and argument details, by sending crafted requests as an authenticated user with restricted view...

6.5CVSS5.8AI score0.00417EPSS

Exploits1References2

Snyk•added 2026/03/05 8:53 p.m.•3 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through improper handling of the Logout. An attacker can maintain unauthorized access by replaying a previously captured session cookie after a user logs out. Remediation Upgrade...

6.4CVSS5.8AI score0.00302EPSS