17 matches found
Dokploy Security Vulnerability
Dokploy is open-source software developed by Dokploy. Versions of Dokploy prior to 0.29.1 contain security vulnerabilities. These vulnerabilities stem from the destinationPath parameter in the Docker file upload function not being properly sanitized and being directly inserted into the shell...
CVE-2026-41490 Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...
SQL Injection
Overview: dagster-snowflake is a package for Snowflake Dagster framework components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by creating speciall...
SQL Injection
Overview: dagster-deltalake is a package for Deltalake-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL...
SQL Injection
Overview: dagster-snowflake-polars is a package for integrating Snowflake and Polars with Dagster. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...
SUSE CVE-2024-41260
A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...
[SECURITY] Fedora 43 Update: docker-buildx-0.29.1-1.fc43
Docker CLI plugin for extended build capabilities with BuildKit...
Titanium OnyX Injection Vulnerability
Titanium OnyX is a versatile application from Titanium. An injection vulnerability exists in Titanium OnyX 0.29.1 and earlier versions, which stems from an incorrect manipulation of the function generatesimplesql.py in the file backend/onyx/agents/agentsearch/kbsearch/nodes/a3generatesimplesql sq...
CVE-2024-41260
A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...
go-libp2p Security Vulnerabilities
go-libp2p is the libp2p implementation in Go. A security vulnerability exists in go-libp2p, which stems from a security flaw in the core/crypto module, which can be exploited by an attacker to force nodes to sign and verify large RSA keys, leading to resource exhaustion. Affected products and...
[SECURITY] Fedora 38 Update: kitty-0.29.1-1.fc38
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics (images), unicode, true-color, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new...
DEBIAN-CVE-2020-19824
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...
UBUNTU-CVE-2020-19824
An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the aoc parameter...
GHSA-8449-7GC2-PWRP HashiCorp Consul Template could reveal Vault secret contents in error messages
In HashiCorp Consul Template through version 0.29.1, invalid templates could inadvertently reveal the contents of Vault secret in errors returned by the template.Template.Execute 5 method, when given a template using Vault secret contents incorrectly. This method has been updated to redact Vault...
HashiCorp Consul Log Information Disclosure Vulnerability
HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp USA. The product is used to connect and configure applications across dynamically distributed infrastructures. A log information disclosure vulnerability exists in HashiCorp Consul Template...
CVE-2021-33505
A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1...
PT-2023-11537 · Mpv +1
Name of the Vulnerable Software and Affected Versions: MPV version 0.29.1 Description: The issue allows attackers to execute arbitrary code and crash the program via the ao c parameter. Recommendations: For MPV version 0.29.1, update to version 0.30 to resolve the issue. As a temporary workaround...