Soft Serve 安全漏洞

Soft Serve is a self-hosted command-line Git server developed by Charm. Versions of Soft Serve from 0.6.0 to 0.11.6 contained security vulnerabilities. These vulnerabilities were due to an authorization flaw in repository imports, which allowed any authenticated SSH user to clone the server’s loc...

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

CVE-2026-1237

Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid macaroon that is incorrectly validated by the juju controller, enabling a charm to maintain otherwise revoked or...

CVE-2022-33733

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission...

CVE-2022-33734

Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission...

EUVD-2009-0764

Malware in sbrugna...

EUVD-2021-24145

Malware in sbrugna...

EUVD-2021-24146

Malware in sbrugna...

EUVD-2025-20670

Malicious code in bioql PyPI...

EUVD-2022-39536

Malicious code in bioql PyPI...

EUVD-2022-2461

Malicious code in bioql PyPI...

EUVD-2022-39530

Malicious code in bioql PyPI...

EUVD-2022-39529

Malicious code in bioql PyPI...

EUVD-2022-36772

Malicious code in bioql PyPI...

EUVD-2024-3000

Malicious code in bioql PyPI...

SUSE CVE-2025-53513

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

Directory Traversal

github.com/juju/juju is vulnerable to Directory Traversal. The vulnerability is due to insufficient authorization checks caused by the /charms endpoint allowing any authenticated user to upload charms without proper validation, enabling attackers to exploit a Zip Slip vulnerability and gain acces...

CVE-2025-53513

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

GHSA-24CH-W38V-XMH8 Juju zip slip vulnerability via authenticated endpoint

Impact Any user with a Juju account on a controller can upload a charm to the /charms endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. A charm which exploits the zip slip vulnerability may be used to allow such a user to...

Juju zip slip vulnerability via authenticated endpoint

Impact Any user with a Juju account on a controller can upload a charm to the /charms endpoint. No specific permissions are required - it's just sufficient for the user to exist in the controller user database. A charm which exploits the zip slip vulnerability may be used to allow such a user to...