Summary
Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint
Related vulnerabilities
- MEDIUM GHSA-X4QR-QW6H-WVXQ: Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint
- CRITICAL GHSA-X223-P2GF-V735: Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak
- HIGH GHSA-2MFG-CC43-9PCJ: LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector
- MEDIUM GHSA-FG94-H982-F3MM: Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
- HIGH GHSA-RJXQ-QQHF-8HWH: OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin
- MEDIUM GHSA-5JV2-G5WQ-CMR4: vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving