9 matches found

EUVD
added 2026/06/24 5:41 p.m., 7 views

EUVD-2026-36907

OliveTin: ValidateArgumentType API Endpoint's Missing Authentication Allows Action and Argument Enumeration...

3.7 CVSS, 5.8 AI score, 0.00328 EPSS
Exploits 0, References 4

EUVD
added 2026/06/24 5:38 p.m., 6 views

EUVD-2026-36906

OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination...

7.5 CVSS, 5.8 AI score, 0.00401 EPSS
Exploits 0, References 4

NVD
added 2026/06/15 9:17 p.m., 7 views

CVE-2026-48709

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not cal...

3.7 CVSS, 0.00328 EPSS
Exploits 0, References 3

NVD
added 2026/06/15 9:17 p.m., 8 views

CVE-2026-48708

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance, the tpl package-level variable in service/internal/tpl/templates.go, across all goroutines. Every action execution calls...

7.5 CVSS, 0.00401 EPSS
Exploits 0, References 3

Cvelist
added 2026/06/15 8:13 p.m., 31 views

CVE-2026-48709 OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the ValidateArgumentType RPC endpoint in service/internal/api/api.go does not perform any authentication or authorization checks. Unlike all other data-returning API endpoints, it does not cal...

3.7 CVSS, 0.00328 EPSS
Exploits 0, References 3

CVE
added 2026/06/15 7:59 p.m., 15 views

CVE-2026-48708

OliveTin is affected by a race condition in the template engine. In versions up to 3000.0.0, a single shared text/template.Template instance (tpl) is used across all goroutines, and actions perform tpl.Parse(source) followed by t.Execute() without synchronization. Under concurrent ExecRequests, t...

7.5 CVSS, 5.8 AI score, 0.00401 EPSS
Exploits 0, References 3

Cvelist
added 2026/06/15 7:59 p.m., 32 views

CVE-2026-48708 OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the template engine uses a single shared text/template.Template instance, the tpl package-level variable in service/internal/tpl/templates.go, across all goroutines. Every action execution calls...

7.5 CVSS, 0.00401 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/06/15 12:0 a.m., 14 views

PT-2026-49472

Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.13.0. Description: The 'ValidateArgumentType' RPC endpoint in service/internal/api/api.go lacks authentication and authorization checks, failing to call auth.UserFromApiCall or checkDashboardAccess. Even when...

3.7 CVSS, 5.8 AI score, 0.00328 EPSS
Exploits 0, References 10

Positive Technologies
added 2026/06/15 12:0 a.m., 14 views

PT-2026-49471

Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.13.0. Description: The template engine utilizes a single shared text/template.Template instance, specifically the tpl package-level variable in service/internal/tpl/templates.go, across all goroutines. Each action...

7.5 CVSS, 6 AI score, 0.00401 EPSS
Exploits 0, References 9