CRITICAL 9.9 CVE-2026-27626 OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks in github.com/OliveTin/OliveTin
from 0, < 0.0.0-20260222101908-4bbd2eab1532
CRITICAL 9.9 CVE-2026-27626 OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks in github.com/OliveTin/OliveTin
from 0
HIGH 8.8 OliveTin has JWT Audience Validation Bypass in Local Key and HMAC Modes in github.com/OliveTin/OliveTin
from 0, < 0.0.0-20260304231339-e97d8ecbd8d6
HIGH 8.5 OliveTin's unsafe parsing of UniqueTrackingId can be used to write files in github.com/OliveTin/OliveTin
from 0, < 0.0.0-20260309102040-b03af0e2eca3
HIGH 7.5 OliveTin has Unauthenticated Action Termination via KillAction When Guests Must Login in github.com/OliveTin/OliveTin
from 0, < 0.0.0-20260302002902-d9804182eae4
HIGH 7.5 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling in github.com/OliveTin/OliveTin
from 0
HIGH 7.5 OliveTin has unauthenticated DoS via concurrent map writes in OAuth2 state handling in github.com/OliveTin/OliveTin
from 0, < 0.0.0-20260301235225-f044d90d5525c
HIGH 7.5 OliveTin has Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint in github.com/OliveTin/OliveTin
from 0, < 0.0.0-20260227002407-2eb5f0ba79d4
MEDIUM 6.5 OliveTin doesn't check view permission when returning dashboards in github.com/OliveTin/OliveTin
from 0, < 0.0.0-20260305082002-d7962710e7c4
MEDIUM 6.5 OliveTin OS Command Injection vulnerability in github.com/OliveTin/OliveTin
from 0
MEDIUM 6.5 OliveTin OS Command Injection vulnerability in github.com/OliveTin/OliveTin
from 0, <= 0.0.0-20250502155356-8c073bf45fca
MEDIUM 5.4 OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session in github.com/OliveTin/OliveTin
from 0
MEDIUM 5.4 OliveTin Session Fixation: Logout Fails to Invalidate Server-Side Session in github.com/OliveTin/OliveTin
from 0, < 0.0.0-20260304233115-d6a0abc3755d15
MEDIUM 5.3 OliveTin's RestartAction always runs actions as guest in github.com/OliveTin/OliveTin
from 0, < 0.0.0-20260305000458-cb46a597b246
— OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream in github.com/OliveTin/OliveTin
from 0
— OliveTin Vulnerable to Unauthorized Action Output Disclosure via EventStream in github.com/OliveTin/OliveTin
from 0, < 3000.10.2