pkg:Go/github.com/pinchtab/pinchtab

所有已知漏洞

• HIGH7.5CVE-2026-30834PinchTab has SSRF with Full Response Exfiltration via Download Handler
  from 0, < 0.7.7
• MEDIUM6.7CVE-2026-33623PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
  from 0, < 0.8.5
• MEDIUM6.7CVE-2026-33623PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
  from 0, < 0.8.5
• MEDIUM5.8CVE-2026-33081PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
  from 0, < 0.8.3
• MEDIUM5.8CVE-2026-33081PinchTab has a Blind SSRF via browser-side redirect bypass in /download URL validation
  from 0, < 0.8.3
• MEDIUM4.8CVE-2026-33621PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
  >= 0.7.7, < 0.8.5
• MEDIUM4.8CVE-2026-33621PinchTab: Unapplied Rate Limiting Middleware Allows Unbounded Brute-Force of API Token
  >= 0.7.7, < 0.8.5
• MEDIUM4.3CVE-2026-33620PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
  >= 0.7.8, < 0.8.4
• MEDIUM4.3CVE-2026-33620PinchTab: API Bearer Token Exposed in URL Query Parameter via Server Logs and Intermediary Systems
  >= 0.7.8, < 0.8.4
• MEDIUM4.1CVE-2026-33619PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl
  from 0, < 0.8.4
• MEDIUM4.1CVE-2026-33619PinchTab has Unauthenticated Blind SSRF in Task Scheduler via Unvalidated callbackUrl
  from 0, < 0.8.4
• —CVE-2026-33622A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
  >= 0.8.3
• —CVE-2026-33622A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution
  >= 0.8.3