Lucene search
K
GithubRecent

33268 matches found

Github Security Blog
Github Security Blog
added 2026/05/14 6:26 p.m.23 views

Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

Summary ApostropheCMS contains an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses,...

7.6CVSS5.8AI score0.00197EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 6:26 p.m.39 views

Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

Summary Under the default configuration, sanitize-html can turn attacker-controlled content inside a disallowed xmp element into live HTML or JavaScript. This is a sanitizer bypass in the default disallowedTagsMode: 'discard' path and can lead to stored XSS in applications that render sanitized...

9.3CVSS6AI score0.00397EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 6:26 p.m.10 views

Karakeep SDK has SSRF via metascraper-logo-favicon that bypasses validateUrl protections

Summary The metascraper-logo-favicon plugin makes HTTP requests to URLs extracted from attacker-controlled HTML without going through the application's validateUrl SSRF protections. This allows any authenticated user to make the server fetch arbitrary internal URLs by bookmarking a page containin...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 6:25 p.m.13 views

go-billy has path traversal vulnerabilities

Impact Multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths e.g., using .. to escape intended base directories. While go-billy was not originally designed to provide a strong security boundary...

8.1CVSS5.8AI score0.0031EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/14 6:25 p.m.17 views

dbt MCP Server Transmits All MCP Tool Arguments Including Raw SQL and --vars Credentials to dbt Labs Telemetry by Default Without Redaction

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DefaultUsageTracker.emittoolcalledevent in src/dbtmcp/tracking/tracking.py serializes the complete arguments dictionary of every MCP tool call and transmits it verbatim to...

6AI score0.00042EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 6:24 p.m.14 views

dbt MCP Server Logs Tool Arguments Including SQL Queries and Credentials in Plaintext Without Redaction When File Logging Is Enabled

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary DbtMCP.calltool in src/dbtmcp/mcp/server.py logs the complete raw arguments dictionary at INFO level on every tool invocation line 67 and again at ERROR level if the call...

6AI score0.00012EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 6:24 p.m.13 views

dbt MCP Server has an Argument Injection in dbt CLI Tool Wrappers via node_selection and resource_type Parameters

Discovered through manual source code review. Verified by PoC execution against a local dbt-mcp v1.15.1 installation. Summary rundbtcommand in src/dbtmcp/dbtcli/tools.py constructs the dbt subprocess argument list by appending user-supplied MCP tool parameters without sanitization. Two independen...

6.1AI score0.00018EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:37 p.m.75 views

TanStack Start - Server Core: Inbound server-function request deserialization could invoke a sibling client-referenced server function

Summary A type-confusion bug in seroval ≤ 1.5.2 upstream advisory allowed a crafted JSON body sent to one TanStack Start server function to trigger invocation of a different client-referenced server function as a side effect of deserializing the request payload. This is not an authentication bypa...

6.1AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:36 p.m.13 views

Mistune Image Directive CSS Injection Vulnerability

Summary The Image directive plugin validates the :width: and :height: options with a regex compiled as numre = re.compiler"^\d+?:.\d?". This pattern is applied via re.match which anchors only at the start of the string, not the end. Any value that begins with one or more digits passes validation,...

6.1CVSS6AI score0.00228EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:36 p.m.9 views

Mistune TOC Anchor Injection XSS

Summary rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format string — with no HTML escaping applied to either value. When heading IDs...

6.1CVSS6AI score0.00228EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:36 p.m.33 views

OpenTelemetry Java SDK has Unbounded Memory Allocation in W3C Baggage Propagation

Overview A vulnerability affects the baggage propagation implementation in opentelemetry-api and opentelemetry-extension-trace-propagators. Parsing oversized baggage causes unbounded memory allocation and CPU consumption. Because baggage is automatically re-injected into every outgoing request, t...

7.5CVSS5.9AI score0.00791EPSS
Exploits0References6Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/14 4:34 p.m.13 views

Portainer missing authorization on custom template file endpoint, which exposes template content

Summary A missing authorization vulnerability in the Custom Template file endpoint GET /api/customtemplates/id/file allows any authenticated user to read the file content of any custom template by enumerating sequential integer IDs, bypassing Resource Control access restrictions. Template files m...

6.5CVSS5.7AI score0.00257EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:33 p.m.8 views

Portainer: JWT accepted in URL query leaks tokens to logs and referers

Summary Portainer's authentication middleware accepts JWT bearer tokens passed as the ?token= URL query parameter on any authenticated API endpoint, in addition to the standard Authorization: Bearer header. URLs are recorded in reverse-proxy access logs, browser history, and HTTP Referer headers ...

7.7CVSS5.8AI score0.00316EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:33 p.m.12 views

Portainer has an endpoint security bypass via Swarm service create/update

Summary Portainer enforces seven EndpointSecuritySettings restrictions that administrators configure to restrict the container configurations non-admin users can launch: privileged mode, host PID namespace, device mapping, capabilities, sysctls, security-opt Seccomp / AppArmor, and bind mounts. T...

9.4CVSS5.8AI score0.00347EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:24 p.m.14 views

Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization

Summary Portainer proxies requests to Kubernetes clusters through a middleware layer kubeClientMiddleware that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missi...

8.1CVSS5.9AI score0.00335EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:23 p.m.20 views

Portainer Has an Arbitrary File Read via Git Symlink Injection in Stack Auto-Update

Summary Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using go-git v5, which translates Git blob entries with mode 0o120000 symlink into real OS symlinks on the host filesystem via os.Symlink. The only ent...

9.9CVSS5.9AI score0.00416EPSS
Exploits2References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:23 p.m.13 views

Portainer has a bind-mount restriction bypass via HostConfig.Mounts

Summary Portainer offers an environment-level Disable bind mounts for non-administrators security setting that blocks regular users from binding host paths into containers they create through the Portainer-mediated Docker API. The check that enforces this setting only inspected the legacy...

8.5CVSS5.8AI score0.00206EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:23 p.m.12 views

Portainer has a path traversal in backup archive extraction that allows arbitrary file write

Summary Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target directory on the server. The extraction function ExtractTarGz in api/archive/targz.go constructed output paths using filepath.Cleanfilepath.JoinoutputDirPath, header.Name. This combination does not...

5.5CVSS5.9AI score0.00606EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:22 p.m.19 views

Portainer missing authorization on Docker plugin endpoints, which allows host RCE

Summary Portainer enforces Role-Based Access Control RBAC on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers containers, images, services, volumes, etc. that apply authorization checks. The Docker plugin management endpoints /plugins/ were not...

9.4CVSS6AI score0.00328EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.15 views

FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluator entity - cross-workspace data takeover and IDOR. File: packages/server/src/Interface.Evaluation.ts Root cause: The Evaluator controller/service constructs a n...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.15 views

FlowiseAI: Evaluation create+update mass-assignment allows cross-workspace evaluation takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Evaluation entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/evaluations/index.ts Root cause: The Evaluation controller/service...

8.8CVSS6AI score0.00335EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.13 views

FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the DatasetRow entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The DatasetRow controller/service constructs...

8.8CVSS6AI score0.00342EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.11 views

FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Dataset entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The Dataset controller/service constructs a new...

8.8CVSS6AI score0.00335EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.9 views

FlowiseAI: CustomTemplate create+update mass-assignment allows cross-workspace template takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the CustomTemplate entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/marketplaces/index.ts Root cause: The CustomTemplate controller/servi...

8.8CVSS6AI score0.00335EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.52 views

FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover

Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the Assistant entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/assistants/index.ts Root cause: The Assistant controller/service construct...

8.8CVSS6AI score0.00335EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:19 p.m.12 views

FlowiseAI: Vector Store No Permission Checks

FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations Severity: HIGH CVSS 8.1 Type: CWE-306 Missing Authentication for Critical Function File: packages/server/src/routes/openai-assistants-vector-store/index.ts Description: ALL CRUD endpoints for OpenAI Assistants Vector Store hav...

8.8CVSS5.8AI score0.00327EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:18 p.m.15 views

Synapse pagination Denial of Service

Impact In federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. Patches Update to Synapse 1.152.1 or later. Workarounds There are no known workaround...

5.1CVSS5.9AI score0.00369EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:18 p.m.22 views

Synapse CPU starvation (Denial of Service)

Impact Local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. Homeservers that trust all their local users are not at risk. Patches Update to Synapse 1.152.1 or later. Workarounds If Synapse is...

6.8CVSS5.8AI score0.00128EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:18 p.m.22 views

n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

Impact The OAuth1 and OAuth2 credential reconnect endpoints authorized access using credential:read rather than credential:update. An authenticated user with read-only access to a shared credential could initiate an OAuth reconnect flow and overwrite the stored token material for that credential...

8.3CVSS5.8AI score0.00315EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:18 p.m.21 views

n8n Has a Source Control Pull SQL Injection

Impact An attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator performed a Source Control Pull, n8n imported the file and could lead to SQL injection ...

9CVSS5.8AI score0.00331EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:17 p.m.13 views

n8n Has an XML Node Prototype Pollution Patch Bypass

Impact An authenticated user with permission to create or modify workflows could bypass the patch for GHSA-hqr4-h3xv-9m3r in the XML node. When combined with other nodes, this could lead to RCE on the n8n host. Patches The issue has been fixed in n8n versions 1.123.43, 2.20.7, and 2.22.1. Users...

9.9CVSS5.7AI score0.00634EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:17 p.m.11 views

n8n Has an Arbitrary File Read via Git Node

Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. Patches The issue has been fixed in n8n versions 1.123.43,...

9.4CVSS5.9AI score0.00632EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:17 p.m.12 views

n8n: HTTP Request Node Pagination Prototype Pollution to RCE

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via an unvalidated pagination parameter in the HTTP Request node. Combined with other techniques this could lead to RCE on the instance. Patches The issue has been fixed in n8n...

9.9CVSS5.8AI score0.00632EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:17 p.m.9 views

pyzipper has an encryption bypass for small files encrypted using it

Impact A Python operator precedence bug in pyzipper/zipfileaes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...

5.8AI score0.00009EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:16 p.m.13 views

wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager

Summary A gym trainer can escalate their session to any higher-privileged account gym manager, general manager by chaining two calls to the trainer-login endpoint. Once a trainer performs a legitimate switch into a low-privileged user, the session flag trainer.identity is set and this flag alone...

5.8AI score0.00026EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:16 p.m.10 views

wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API

Summary Any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The RoutinePermission class grants read access to any authenticated user when a routine has...

5.8AI score0.00051EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 4:16 p.m.9 views

@apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input

Summary The @apostrophecms/cli package contains a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command without proper sanitization or escaping. This allows execution of arbitrary commands on the host...

6.5CVSS6.2AI score0.00428EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 3:31 p.m.9 views

podinfo: cross-site scripting vulnerability in the /echo and /api/echo endpoints

podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin...

6.1CVSS5.7AI score0.00195EPSS
Exploits2References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:58 p.m.11 views

FlowiseAI Vulnerable to Credential Data Leak

Severity: HIGH CVSS 7.5 Type: CWE-200 Exposure of Sensitive Information File: packages/server/src/services/credentials/index.ts:62-71 Description: When credentials are fetched with a credentialName filter parameter, the encryptedData field is NOT stripped from the response. The code properly omit...

7CVSS5.9AI score0.00271EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:57 p.m.22 views

FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape

Summary POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When E2BAPIKEY is not configured — the common deployment case — Flowise executes this code inside a NodeVM sandbox...

9.9CVSS6.7AI score0.0082EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:57 p.m.16 views

FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation...

9.6CVSS5.9AI score0.00274EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:57 p.m.12 views

Flowise has an MCP Security Bypass that Enables RCE

Summary There are three bypass methods for the security limitations of the Flowise MCP feature, and attackers can execute arbitrary commands by combining these three methods Details 【Vulnerability one】The Docker build subcommand not being on the blocklist leads to remote code execution The attack...

6.7AI score
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/05/14 2:54 p.m.17 views

FlowiseAI Exposes Basic Auth Credentials via API

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Severity | Medium | | CWE | CWE-522 Insufficiently Protected Credentials | | Location | packages/server/src/enterprise/controllers/account.controller.ts:128-135 | | Practical Exploitability | Medium | | Developer Approv...

9.1CVSS5.8AI score0.00251EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:54 p.m.44 views

FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment

Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side...

8.1CVSS5.7AI score0.00268EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:52 p.m.15 views

FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-side validation and...

7.6CVSS5.9AI score0.00195EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 2:52 p.m.22 views

FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment

Summary A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing server-side validation an...

9.6CVSS5.9AI score0.00254EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:18 p.m.21 views

Fleet: IP spoofing allows bypassing API rate limiting

Summary A vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing client IP headers. This may allow brute-force login attempts or other abuse against Fleet instances exposed to the public internet. Impact Fleet extracted client IP...

7.5CVSS5.8AI score0.00276EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:18 p.m.10 views

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary The GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.ref . Subsequently, it executes a script bin/console from this untrusted checkout. Thi...

8.2CVSS6.1AI score0.00433EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:17 p.m.15 views

Strapi may leak sensitive data via relational filtering due to lack of query sanitization

Summary of CVE-2026-27886 Vulnerability Details - CVE: CVE-2026-27886 - CVSS v3.1 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N 9.3 — Critical - Affected Versions: @strapi/strapi =5.37.0 Description of CVE-2026-27886 Strapi versions prior to 5.37.0 did not sufficiently...

9.2CVSS5.8AI score0.00612EPSS
Exploits5References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 1:17 p.m.10 views

Fleet vulnerable to OS command injection in software packages

Summary A vulnerability in Fleet's software installer pipeline could allow a crafted software package to execute arbitrary commands as root macOS/Linux or SYSTEM Windows on managed endpoints when an uninstall is triggered. Impact When a software package .pkg, .deb, .rpm, .exe, or .msi is uploaded...

9.8CVSS6.2AI score0.00773EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33268