31 matches found
PT-2026-52851
Name of the Vulnerable Software and Affected Versions Dokku versions prior to 0.38.2 Description The openresty-vhosts plugin copies files from an application's openresty/http-includes/ git repository directory to the host. The plugin then interpolates these filenames, without escaping, into a...
CVE-2025-15327
Tanium addressed an improper access controls vulnerability in Deploy...
EUVD-2018-10564
Malware in sbrugna...
EUVD-2020-19679
Malware in sbrugna...
EUVD-2015-2222
Malware in sbrugna...
EUVD-2019-3302
Malware in sbrugna...
EUVD-2020-18786
Malware in sbrugna...
EUVD-2022-42975
Malicious code in bioql PyPI...
EUVD-2025-25827
Malicious code in bioql PyPI...
EUVD-2022-35002
Malicious code in bioql PyPI...
EUVD-2022-34350
Malicious code in bioql PyPI...
EUVD-2025-24367
Malicious code in bioql PyPI...
CVE-2025-53772
This CVE affects Microsoft Web Deploy (deserialization of untrusted data) enabling Remote Code Execution over the network. Affected component is Web Deploy’s deserialization pathway, with evidence of in-the-wild and PoC exploits on public GitHub (e.g., stand-alone and IIS WebDeploy PoCs). The vul...
CVE-2022-4870
In affected versions of Octopus Deploy it is possible to discover network details via error message...
CVE-2022-1901
In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview...
CVE-2022-2507
In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage...
CVE-2020-26161
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header...
CVE-2018-12089
In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is...
CVE-2018-11320
In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs...
CVE-2025-0539
In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to compromise the account running Octopus Server and potentially the host infrastructure itself...