Vulnerabilities in pinchtab
7 resultsCVE-2026-33623MEDIUMPinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command ExecutionEPSS 2.9%CVE-2026-33622MEDIUMA PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript ExecutionEPSS 0.5%CVE-2026-30834HIGHPinchTab: SSRF with Full Response Exfiltration via Download HandlerEPSS 0.4%CVE-2026-33621MEDIUMPinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API TokenEPSS 0.3%CVE-2026-33081MEDIUMPinchTab has Blind SSRF via browser-side redirect bypass in /download URL validationEPSS 0.3%CVE-2026-33620MEDIUMPinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary SystemsEPSS 0.3%CVE-2026-33619MEDIUMPinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrlEPSS 0.2%