| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-32102 | OliveTin Unauthorized Action Output Disclosure via EventStream | OliveTin | OliveTin | - | - | 2026-03-11 20:05:16 |
| CVE-2026-31817 | OliveTin's unsafe parsing of UniqueTrackingId can be used to write files | OliveTin | OliveTin | High | 8.5 | 2026-03-10 21:08:54 |
| CVE-2026-30233 | OliveTin: View permission not being checked when returning dashboards | OliveTin | OliveTin | Medium | 6.5 | 2026-03-06 21:05:37 |
| CVE-2026-30225 | OliveTin: RestartAction always runs actions as guest | OliveTin | OliveTin | Medium | 5.3 | 2026-03-06 21:03:56 |
| CVE-2026-30223 | OliveTin: JWT Audience Validation Bypass in Local Key and HMAC Modes | OliveTin | OliveTin | High | 8.8 | 2026-03-06 21:01:45 |
| CVE-2026-30224 | OliveTin: Session Fixation - Logout Fails to Invalidate Server-Side Session | OliveTin | OliveTin | Medium | 5.4 | 2026-03-06 21:01:37 |
| CVE-2026-28790 | OliveTin: Unauthenticated Action Termination via KillAction When Guests Must Login | OliveTin | OliveTin | High | 7.5 | 2026-03-05 19:34:54 |
| CVE-2026-28789 | OliveTin: Unauthenticated DoS via concurrent map writes in OAuth2 state handling | OliveTin | OliveTin | High | 7.5 | 2026-03-05 19:33:47 |
| CVE-2026-28342 | OliveTin: Unauthenticated Denial of Service via Memory Exhaustion in PasswordHash API Endpoint | OliveTin | OliveTin | High | 7.5 | 2026-03-05 19:33:44 |
| CVE-2026-27626 | OliveTin vulnerable to OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks | OliveTin | OliveTin | Critical | 9.9 | 2026-02-25 02:43:08 |