Known Vulnerabilities for Bolt by Puppet
Listed below are 1 of the newest known vulnerabilities associated with "Bolt" by "Puppet".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35565 json | Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 De... | Not Provided | 2026-04-13 | 2026-04-13 |
| CVE-2025-49040 json | Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt Backup Bolt backup-bolt allows Cross Site Request Forgery.This... | Not Provided | 2025-08-27 | 2026-04-01 |
| CVE-2025-10306 json | The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up ... | Not Provided | 2025-10-03 | 2026-04-08 |
| CVE-2023-5214 json | In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | 9.8 - CRITICAL | 2023-10-06 | 2023-11-02 |