
35 matches found

OSV
added 2026/04/10 10:11 p.m., 2 views

GHSA-9CP7-J3F8-P5JX Daptin has Unauthenticated Path Traversal and Zip Slip

Impact: The cloudstore.file.upload action in server/actions/actioncloudstorefileupload.go writes user-supplied filenames directly to disk without proper validation. This allows unauthenticated attackers to perform path traversal and zip slip attacks, leading to arbitrary file write and potential...

10 CVSS, 6.1 AI score
Exploits 0, References 3
UbuntuCve
added 2026/03/08 11:15 a.m., 2 views

CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

7.5 CVSS, 6 AI score, 0.00043 EPSS
Exploits 0, References 2
AlpineLinux
added 2026/03/08 10:32 a.m., 1 views

CVE-2026-3731

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...

7.5 CVSS, 5.5 AI score, 0.00043 EPSS
Exploits 0, References 6
Tenable Nessus
added 2026/02/15 12:0 a.m., 2 views

openSUSE 16 Security Update : kepler (openSUSE-SU-2026:20206-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20206-1 advisory. Update to version 0.11.3. Security issues fixed: - CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing...

5.3 CVSS, 8.1 AI score, 0.00017 EPSS
Exploits 1, References 6
SUSE CVE
added 2026/02/07 12:24 a.m., 2 views

SUSE CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

9.8 CVSS, 5.5 AI score, 0.00053 EPSS
Exploits 0, References 3
Positive Technologies
added 2026/02/03 12:0 a.m., 3 views

PT-2026-6211

Name of the Vulnerable Software and Affected Versions: melange versions 0.11.3 through 0.40.2. Description: melange is a tool that allows users to build apk packages using declarative pipelines. A security issue exists where an attacker who can influence the tar stream from a QEMU guest VM could wri...

8.2 CVSS, 5.5 AI score, 0.00007 EPSS
Exploits 0, References 10
RedhatCVE
added 2026/01/24 3:17 a.m., 4 views

CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

9.8 CVSS, 5.6 AI score, 0.00053 EPSS
Exploits 0, References 1
NVD
added 2026/01/22 10:16 p.m., 2 views

CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

9.8 CVSS, 0.00053 EPSS
Exploits 0, References 3
Vulnrichment
added 2026/01/22 10:1 p.m., 1 views

CVE-2026-24058 Soft Serve has Critical Authentication Bypass

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

9.3 CVSS, 5.6 AI score, 0.00053 EPSS
Exploits 0, References 3
CVE
added 2026/01/22 10:1 p.m., 9 views

CVE-2026-24058

Soft Serve (github.com/charmbracelet/soft-serve) is affected by a critical authentication bypass vulnerability in versions

9.8 CVSS, 5.6 AI score, 0.00053 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/01/22 10:1 p.m., 15 views

CVE-2026-24058 Soft Serve has Critical Authentication Bypass

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user including admin by "offering" the victim's public key during the SSH handshake before authenticating with...

9.3 CVSS, 0.00053 EPSS
Exploits 0, References 3
OSV
added 2026/01/21 11:2 p.m., 2 views

GHSA-PCHF-49FH-W34R Soft Serve Affected by an Authentication Bypass

Impact: What kind of vulnerability is it? Who is impacted? This issue impacts every Soft Serve instance. A critical authentication bypass allows an attacker to impersonate any user including Admin by "offering" the victim's public key during the SSH handshake before authenticating with their own...

9.3 CVSS, 5.6 AI score, 0.00053 EPSS
Exploits 0, References 5
Snyk
added 2026/01/21 11:2 p.m., 1 views

Authentication Bypass by Alternate Name

Overview: Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via the SSH authentication process. An attacker can gain unauthorized access and impersonate any user, including administrative accounts, by presenting a victim's public key during the SSH handsha...

9.8 CVSS, 5.6 AI score, 0.00053 EPSS
Exploits 0, References 2
Github Security Blog
added 2026/01/21 11:2 p.m., 10 views

Soft Serve Affected by an Authentication Bypass

Impact: What kind of vulnerability is it? Who is impacted? This issue impacts every Soft Serve instance. A critical authentication bypass allows an attacker to impersonate any user including Admin by "offering" the victim's public key during the SSH handshake before authenticating with their own...

9.8 CVSS, 5.6 AI score, 0.00053 EPSS
Exploits 0, References 5, Affected Software 1
Positive Technologies
added 2026/01/21 12:0 a.m., 4 views

PT-2026-4297

Name of the Vulnerable Software and Affected Versions: Soft Serve versions 0.11.2 and below. Description: Soft Serve, a self-hostable Git server, contains a critical flaw that allows an attacker to impersonate any user, including administrators. This is achieved by presenting the victim's public key...

9.3 CVSS, 5.4 AI score, 0.00053 EPSS
Exploits 0, References 11
CNNVD
added 2025/10/10 12:0 a.m., 1 views

Common Expression Language Input Validation Error Vulnerability

Common Expression Language is an open-source Common Expression Language interpreter written in Rust by cel-rust. An input validation error vulnerability exists in Common Expression Language version 0.10.0 through versions prior to 0.11.4, which stems from the fact that parsing a specific incorrect...

7.5 CVSS, 6.5 AI score, 0.00163 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-2920

Malicious code in bioql PyPI...

8.7 CVSS, 6.4 AI score, 0.0021 EPSS
Exploits 0, References 7
Snyk
added 2025/09/09 12:0 a.m., 1 views

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime via the key exchange process. An attacker can cause gradual memory exhaustion and potential application crashes by repeatedly initiating key exchanges with incorrect guesses as an...

3.1 CVSS, 6.7 AI score, 0.00061 EPSS
Exploits 0, References 2
RedhatCVE
added 2025/05/22 3:5 p.m., 2 views

CVE-2020-26309

Validate.js provides a declarative way of validating JavaScript objects. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available...

8.7 CVSS, 6.8 AI score, 0.0021 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 6:7 a.m., 3 views

CVE-2014-9530

A vulnerability exists in nw.js before 0.11.3 when calling nw methods from normal frames, which has an unspecified impact...

9.8 CVSS, 7 AI score, 0.00433 EPSS
Exploits 0, References 1