CVE-2026-22819 (GCVE-0-2026-22819)
Vulnerability from cvelistv5 – Published: 2026-01-14 18:04 – Updated: 2026-01-14 21:13
VLAI?
Title
Outray has a Race Condition in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts
Summary
Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.
Severity ?
5.9 (Medium)
CWE
- CWE-366 - Race Condition within a Thread
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| akinloluwami | outray |
Affected:
< 0.1.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22819",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T21:13:28.883339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T21:13:36.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "outray",
"vendor": "akinloluwami",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-366",
"description": "CWE-366: Race Condition within a Thread",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T18:04:33.426Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g"
},
{
"name": "https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6"
}
],
"source": {
"advisory": "GHSA-45hj-9x76-wp9g",
"discovery": "UNKNOWN"
},
"title": "Outray has a Race Condition in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22819",
"datePublished": "2026-01-14T18:04:33.426Z",
"dateReserved": "2026-01-09T22:50:10.289Z",
"dateUpdated": "2026-01-14T21:13:36.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-22819\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-01-14T18:16:42.330\",\"lastModified\":\"2026-01-20T14:56:26.523\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-366\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:outray:outray:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"0.1.5\",\"matchCriteriaId\":\"DD246CCB-2E70-40B6-9BA8-ADAB45DF1296\"}]}]}],\"references\":[{\"url\":\"https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-22819\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-14T21:13:28.883339Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-14T21:13:33.628Z\"}}], \"cna\": {\"title\": \"Outray has a Race Condition in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts\", \"source\": {\"advisory\": \"GHSA-45hj-9x76-wp9g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"akinloluwami\", \"product\": \"outray\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.1.5\"}]}], \"references\": [{\"url\": \"https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g\", \"name\": \"https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6\", \"name\": \"https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-366\", \"description\": \"CWE-366: Race Condition within a Thread\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-14T18:04:33.426Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-22819\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-14T21:13:36.389Z\", \"dateReserved\": \"2026-01-09T22:50:10.289Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-01-14T18:04:33.426Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-45HJ-9X76-WP9G
Vulnerability from github – Published: 2026-01-13 21:53 – Updated: 2026-01-14 19:50
VLAI?
Summary
Outray has a Race Condition in the cli's webapp
Details
Summary
This vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in https://github.com/akinloluwami/outray/blob/main/apps/web/src/routes/api/%24orgSlug/subdomains/index.ts
Details
- The affected code-:
//Race condition
const [subscription] = await db
.select()
.from(subscriptions)
.where(eq(subscriptions.organizationId, organization.id));
const currentPlan = subscription?.plan || "free";
const planLimits = getPlanLimits(currentPlan as any);
const subdomainLimit = planLimits.maxSubdomains;
const existingSubdomains = await db
.select()
.from(subdomains)
.where(eq(subdomains.organizationId, organization.id));
if (existingSubdomains.length >= subdomainLimit) {
return json(
{
error: `Subdomain limit reached. The ${currentPlan} plan allows ${subdomainLimit} subdomain${subdomainLimit > 1 ? "s" : ""}.`,
},
{ status: 403 },
);
}
const existing = await db
.select()
.from(subdomains)
.where(eq(subdomains.subdomain, subdomain))
.limit(1);
if (existing.length > 0) {
return json({ error: "Subdomain already taken" }, { status: 409 });
}
const [newSubdomain] = await db
.insert(subdomains)
.values({
id: crypto.randomUUID(),
subdomain,
organizationId: organization.id,
userId: session.user.id,
})
.returning();
- The first part of the code checks the user plan and determine his/her existing_domains without locking the transaction and allowing it to run.
const existingSubdomains = await db
.select()
.from(subdomains)
.where(eq(subdomains.organizationId, organization.id));
- The other part of the code checks if the desired domain is more than the limit.
if (existingSubdomains.length >= subdomainLimit) {
return json(
{
error: `Subdomain limit reached. The ${currentPlan} plan allows ${subdomainLimit} subdomain${subdomainLimit > 1 ? "s" : ""}.`,
},
{ status: 403 },
);
}
- Finally, it inserts the subdomain also after the whole check without locking transactions.
const [newSubdomain] = await db
.insert(subdomains)
.values({
id: crypto.randomUUID(),
subdomain,
organizationId: organization.id,
userId: session.user.id,
})
.returning();
- An attacker can exploit this by making parallel requests to the same endpoint and if the second request reads row
subdomainsbefore theINSERTstatement of request one is made.It allows the attacker to act on a not yet updated row which bypasses the checks and allow the attacker to get more subdomains.For example-:
Parallel request 1 Parallel Request 2
| |
checks for Checks the not yet updated
available subdomain row and bypasses the logic checks
and determines if it is more than limit
| |
Inserts subdomain and calls it a day Also inserts the subdomain
- The attack focuses on exploiting the race window between reading and writing the db rows.
PoC
- Intercept with Burp proxy,pass to
Repeaterand create multiple requests in a single batch with different subdomain names as seen below. Lastly, send the requests inparallel.
- Result-:
Impact
The vulnerability provides an infiinite supply of domains to users bypassing the need for subscription
Severity ?
5.9 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "outray"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-22819"
],
"database_specific": {
"cwe_ids": [
"CWE-366"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-13T21:53:30Z",
"nvd_published_at": "2026-01-14T18:16:42Z",
"severity": "MODERATE"
},
"details": "### Summary\nThis vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in `https://github.com/akinloluwami/outray/blob/main/apps/web/src/routes/api/%24orgSlug/subdomains/index.ts`\n\n### Details\n- The affected code-:\n\n```ts\n//Race condition\n const [subscription] = await db\n .select()\n .from(subscriptions)\n .where(eq(subscriptions.organizationId, organization.id));\n\n const currentPlan = subscription?.plan || \"free\";\n const planLimits = getPlanLimits(currentPlan as any);\n const subdomainLimit = planLimits.maxSubdomains;\n\n const existingSubdomains = await db\n .select()\n .from(subdomains)\n .where(eq(subdomains.organizationId, organization.id));\n\n if (existingSubdomains.length \u003e= subdomainLimit) {\n return json(\n {\n error: `Subdomain limit reached. The ${currentPlan} plan allows ${subdomainLimit} subdomain${subdomainLimit \u003e 1 ? \"s\" : \"\"}.`,\n },\n { status: 403 },\n );\n }\n\n const existing = await db\n .select()\n .from(subdomains)\n .where(eq(subdomains.subdomain, subdomain))\n .limit(1);\n\n if (existing.length \u003e 0) {\n return json({ error: \"Subdomain already taken\" }, { status: 409 });\n }\n\n const [newSubdomain] = await db\n .insert(subdomains)\n .values({\n id: crypto.randomUUID(),\n subdomain,\n organizationId: organization.id,\n userId: session.user.id,\n })\n .returning();\n```\n\n- The first part of the code checks the user plan and determine his/her existing_domains without locking the transaction and allowing it to run.\n```ts\nconst existingSubdomains = await db\n .select()\n .from(subdomains)\n .where(eq(subdomains.organizationId, organization.id));\n```\n\n- The other part of the code checks if the desired domain is more than the limit.\n\n```ts\nif (existingSubdomains.length \u003e= subdomainLimit) {\n return json(\n {\n error: `Subdomain limit reached. The ${currentPlan} plan allows ${subdomainLimit} subdomain${subdomainLimit \u003e 1 ? \"s\" : \"\"}.`,\n },\n { status: 403 },\n );\n }\n```\n\n- Finally, it inserts the subdomain also after the whole check without locking transactions.\n\n```ts\nconst [newSubdomain] = await db\n .insert(subdomains)\n .values({\n id: crypto.randomUUID(),\n subdomain,\n organizationId: organization.id,\n userId: session.user.id,\n })\n .returning();\n```\n- An attacker can exploit this by making parallel requests to the same endpoint and if the second request reads row `subdomains` before the `INSERT` statement of request one is made.It allows the attacker to act on a not yet updated row which bypasses the checks and allow the attacker to get more subdomains.For example-:\n\n```\n Parallel request 1 Parallel Request 2 \n | |\nchecks for Checks the not yet updated\navailable subdomain row and bypasses the logic checks\nand determines if it is more than limit\n | |\nInserts subdomain and calls it a day Also inserts the subdomain\n```\n- The attack focuses on exploiting the race window between reading and writing the db rows.\n\n### PoC\n\n- Intercept with Burp proxy,pass to `Repeater` and create multiple requests in a single batch with different subdomain names as seen below. Lastly, send the requests in `parallel`.\n\n\u003cimg width=\"1844\" height=\"855\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f46d5993-31bd-4b96-902a-b2de5b0518bd\" /\u003e\n\n- Result-:\n\n\u003cimg width=\"1905\" height=\"977\" alt=\"image\" src=\"https://github.com/user-attachments/assets/4c877de2-4b55-46f4-9f1c-78590dfebefc\" /\u003e\n\n\n### Impact\nThe vulnerability provides an infiinite supply of domains to users bypassing the need for subscription",
"id": "GHSA-45hj-9x76-wp9g",
"modified": "2026-01-14T19:50:51Z",
"published": "2026-01-13T21:53:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/akinloluwami/outray/security/advisories/GHSA-45hj-9x76-wp9g"
},
{
"type": "WEB",
"url": "https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22819"
},
{
"type": "WEB",
"url": "https://github.com/outray-tunnel/outray/commit/08c61495761349e7fd2965229c3faa8d7b1c1581"
},
{
"type": "WEB",
"url": "https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6"
},
{
"type": "PACKAGE",
"url": "https://github.com/akinloluwami/outray"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
}
],
"summary": "Outray has a Race Condition in the cli\u0027s webapp"
}
FKIE_CVE-2026-22819
Vulnerability from fkie_nvd - Published: 2026-01-14 18:16 - Updated: 2026-01-20 14:56
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:outray:outray:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "DD246CCB-2E70-40B6-9BA8-ADAB45DF1296",
"versionEndExcluding": "0.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is fixed in 0.1.5."
}
],
"id": "CVE-2026-22819",
"lastModified": "2026-01-20T14:56:26.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-01-14T18:16:42.330",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/outray-tunnel/outray/commit/73e8a09575754fb4c395438680454b2ec064d1d6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/outray-tunnel/outray/security/advisories/GHSA-45hj-9x76-wp9g"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-366"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…