Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
7.5CVSS
7.5AI Score
0.001EPSS
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
6.5CVSS
6.4AI Score
0.001EPSS