Vulnerabilidades em getarcaneapp
9 resultadosCVE-2026-23520CRITICALArcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCEEPSS 1.6%CVE-2026-40242HIGHArcane Unauthenticated SSRF with Conditional Response Reflection in Template Fetch EndpointEPSS 0.6%CVE-2026-23944HIGHArcane allows unauthenticated proxy access to remote environmentsEPSS 0.4%CVE-2026-45625CRITICALArcane: Missing admin authorization on git repository endpoints allows non-admin users to exfiltrate stored Git credentials and tamper with GitOps configsEPSS 0.4%CVE-2026-42461HIGHArcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets)EPSS 0.3%CVE-2026-47179HIGHArcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in ArcaneEPSS 0.3%CVE-2026-47125HIGHArcane: Missing admin authorization on global variables endpointEPSS 0.2%CVE-2026-45626MEDIUMArcane: OS Command Injection in Volume Browser ListDirectory via path query parameterEPSS 0.2%CVE-2026-45627HIGHArcane: Unauthenticated reflected XSS via SVG color parameter in /api/app-images/logo enables admin account takeoverEPSS 0.2%