CVE-2025-50946

Medium CVSS: 6.5

OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.

Vendor

Product

CWE

Yayın Tarihi

2025-08-13 18:15:32

Güncelleme

2025-10-17 17:58:09

Source Identifier

cve@mitre.org

KEV Date Added

CWE-78 Olivetin MEDIUM Olivetin 2025

https://github.com/OliveTin/OliveTin https://github.com/OliveTin/OliveTin/blob/8c073bf45fca6c6eda4e8a9feb182433277343ee/service/internal/executor/arguments.go#L211 https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-50946/CVE-2025-50946.md

High

CVE-2026-32102

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live Event…

High

CVE-2026-31817

OliveTin gives access to predefined shell commands from a web interface. Prior to 3000.11.2, when the saveLogs feature i…

Medium

CVE-2026-30233

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization fl…

High

CVE-2026-30223

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, when JWT authentica…

Medium

CVE-2026-30224

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, OliveTin does not r…

Medium

CVE-2026-30225

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authentication c…