
2305 matches found

Snyk
added 2026/03/06 7:14 a.m., 3 views

Malicious Package

Overview: hardhat-deploy-others is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4 | Exploits 0 | References 2

NVD
added 2026/03/03 7:16 a.m., 6 views

CVE-2025-12345

A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agentdeployinit of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack...

CVSS 9 | EPSS 0.00663 | Exploits 1 | References 2

ATTACKERKB
added 2026/03/03 6:32 a.m., 5 views

CVE-2025-12345

A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agentdeployinit of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack...

CVSS 9 | AI score 6.1 | EPSS 0.00663 | Exploits 1 | References 3

RedhatCVE
added 2026/02/27 4:13 a.m., 3 views

CVE-2026-27968

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVSS 4.3 | AI score 5.5 | EPSS 0.00185 | Exploits 0 | References 1

RedhatCVE
added 2026/02/26 10:35 p.m., 3 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVSS 9.1 | AI score 5.4 | EPSS 0.00332 | Exploits 0 | References 1

NVD
added 2026/02/26 2:16 a.m., 8 views

CVE-2026-27968

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVSS 4.3 | EPSS 0.00185 | Exploits 0 | References 3

Cvelist
added 2026/02/26 1:57 a.m., 21 views

CVE-2026-27968 Packistry accepts expired access tokens

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVSS 4.3 | EPSS 0.00185 | Exploits 0 | References 3

EUVD
added 2026/02/26 1:57 a.m., 5 views

EUVD-2026-8820

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVSS 4.3 | AI score 5.5 | EPSS 0.00185 | Exploits 0 | References 3

ATTACKERKB
added 2026/02/26 1:57 a.m., 5 views

CVE-2026-27968

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVSS 4.3 | AI score 5.5 | EPSS 0.00185 | Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2026/02/26 1:57 a.m., 8 views

CVE-2026-27968 Packistry accepts expired access tokens

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVSS 4.3 | AI score 5.5 | EPSS 0.00185 | Exploits 0 | References 3

CVE
added 2026/02/26 1:57 a.m., 12 views

CVE-2026-27968

CVE-2026-27968 affects Packistry, a self-hosted Composer repository. Before version 0.13.0, RepositoryAwareController::authorize() did not enforce token expiration, allowing an expired deploy token with the correct ability to access repository endpoints (e.g., Composer metadata/download APIs). Th...

CVSS 4.3 | AI score 5.5 | EPSS 0.00185 | Exploits 0 | References 3 | Affected Software 1

OSV
added 2026/02/26 1:57 a.m., 5 views

CVE-2026-27968 Packistry accepts expired access tokens

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVSS 4.3 | AI score 5.9 | EPSS 0.00185 | Exploits 0 | References 5

Positive Technologies
added 2026/02/26 12:0 a.m., 7 views

PT-2026-22108

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVSS 4.3 | AI score 5.5 | EPSS 0.00185 | Exploits 0 | References 4

vulnersOsv
added 2026/02/25 10:42 p.m., 7 views

@eui/deps-base (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408), @eui/deps-base-light (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408) +4 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=19.0.0-next.10 <=19.2.19)

@angular-devkit/build-angular NPM version =19.0.0-next.10, =19.0.0-next.1, =19.0.0-next.1, =19.0.0, =19.0.1 - @ws-test-realm/admin-kit =0.5.0-ng19 - @ws-test-realm/devkit =0.7.0-ng19 - ng-deploy-oss =19.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

CVSS 9.2 | AI score 7.8 | EPSS 0.00497 | Exploits 1

vulnersOsv
added 2026/02/25 10:42 p.m., 4 views

@eui/deps-base-light-next (>=19.2.2 <=21.0.0-alpha.32), @eui/deps-base-next (>=19.2.2 <=21.0.0-alpha.32) +1 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=20.0.0-rc.0 <=20.1.0)

@angular-devkit/build-angular NPM version =20.0.0-rc.0, =19.2.2, =19.2.2, =21.0.0-alpha.32 - ng-deploy-oss =20.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

CVSS 9.2 | AI score 7.4 | EPSS 0.00497 | Exploits 1

vulnersOsv
added 2026/02/25 10:42 p.m., 3 views

@angular-devkit/build-angular (>=19.0.0 <=19.2.20), @eui/deps-base (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408) +5 more potentially affected by CVE-2026-27739 via @angular/build (>=19.0.0-next.0 <=19.2.20)

@angular/build NPM version =19.0.0-next.0, =19.0.0, =19.0.0-next.1, =19.0.0-next.1, =19.0.0, =19.0.1 - @ws-test-realm/admin-kit =0.5.0-ng19 - @ws-test-realm/devkit =0.7.0-ng19 - ng-deploy-oss =19.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARBUILD-15357312...

CVSS 9.2 | AI score 7.8 | EPSS 0.00497 | Exploits 1

RedhatCVE
added 2026/02/25 4:16 p.m., 6 views

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVSS 9.2 | AI score 6 | EPSS 0.00655 | Exploits 0 | References 1

OSV
added 2026/02/25 3:47 p.m., 4 views

CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

CVSS 6.9 | AI score 5.9 | EPSS 0.00177 | Exploits 0 | References 5

EUVD
added 2026/02/25 3:31 p.m., 4 views

EUVD-2026-8636

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVSS 5.9 | AI score 5.4 | EPSS 0.00332 | Exploits 0 | References 2

OSV
added 2026/02/25 1:16 p.m., 2 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVSS 9.1 | AI score 5.8 | EPSS 0.00332 | Exploits 0 | References 1