Vulnerabilities in OliveTin

12 results

CVE-2026-31817 | HIGH | OliveTin's unsafe parsing of UniqueTrackingId can be used to write files | EPSS 0.7%
CVE-2026-28790 | HIGH | OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login | EPSS 0.7%
CVE-2026-28342 | HIGH | OliveTin: Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint | EPSS 0.6%
CVE-2026-27626 | CRITICAL | OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks | EPSS 0.4%
CVE-2026-32102 | HIGH | OliveTin Unauthorized Action Output Disclosure via EventStream | EPSS 0.4%
CVE-2026-30233 | MEDIUM | OliveTin: View permission not being checked when returning dashboards | EPSS 0.4%
CVE-2026-30225 | MEDIUM | OliveTin: RestartAction always runs actions as guest | EPSS 0.4%
CVE-2026-28789 | HIGH | OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling | EPSS 0.4%
CVE-2026-48708 | HIGH | OliveTin has a Concurrent Template Parsing Race Condition which Leads to Cross-Request Command Contamination | EPSS 0.3%
CVE-2026-30224 | MEDIUM | OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session | EPSS 0.3%
CVE-2026-30223 | HIGH | OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes | EPSS 0.3%
CVE-2026-48709 | LOW | OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration | EPSS 0.3%