HIGH 7.5 CVE-2026-30834 PinchTab has SSRF with Full Response Exfiltration via Download Handler in github.com/pinchtab/pinchtab
from 0, < 0.7.7
MEDIUM 6.7 CVE-2026-33623 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution in github.com/pinchtab/pinchtab
from 0, < 0.8.5
MEDIUM 5.8 PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation in github.com/pinchtab/pinchtab
from 0, < 0.8.3
MEDIUM 4.8 PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token in github.com/pinchtab/pinchtab
>= 0.7.7, < 0.8.5
MEDIUM 4.3 PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems in github.com/pinchtab/pinchtab
>= 0.7.8, < 0.8.4
MEDIUM 4.1 PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl in github.com/pinchtab/pinchtab
from 0, < 0.8.4
— A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution in github.com/pinchtab/pinchtab
>= 0.8.3