7735 matches found

Github Security Blog
added 2026/03/09 4:56 p.m. | 5 views

@budibase/server: Command Injection in PostgreSQL Dump Command

Location: packages/server/src/integrations/postgres.ts:529-531. Description: The PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization. The password and other connection parameters are directly...

CVSS 8.6 | AI score 5.9 | EPSS 0.00082
Exploits 1 | References 5 | Affected Software 1
Tenable Nessus
added 2026/03/09 12:00 a.m. | 2 views

Oracle Linux 8 : osbuild-composer (ELSA-2026-3898)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3898 advisory. 101.4-4.0.1 - Support using repository definitions with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image...

CVSS 10 | AI score 5.9 | EPSS 0.00045
Exploits 1 | References 3
NVD
added 2026/03/07 5:15 p.m. | 3 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 | EPSS 0.00021
Exploits 1 | References 3
OSV
added 2026/03/07 5:15 p.m. | 2 views

UBUNTU-CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 | AI score 5.7 | EPSS 0.00021
Exploits 1 | References 5
UbuntuCve
added 2026/03/07 5:15 p.m. | 1 view

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 | AI score 7 | EPSS 0.00021
Exploits 1 | References 4
CVE
added 2026/03/07 4:28 p.m. | 12 views

CVE-2026-30852

mode: C CVE-2026-30852 is reflected in the GHSA advisory for Caddy: the vars_regexp matcher in Caddy's vars.go (MatchWithError) can double-expand user-controlled input, causing leakage of sensitive data via environment variables, file contents, and system info. The vulnerability occurs when a pla...

CVSS 7.5 | AI score 5.7 | EPSS 0.00021
Exploits 1 | References 3 | Affected Software 1
Vulnrichment
added 2026/03/07 4:28 p.m. | 0 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 6.9 | AI score 5.7 | EPSS 0.00021
Exploits 1 | References 3
ATTACKERKB
added 2026/03/07 4:28 p.m. | 2 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 6.9 | AI score 5.7 | EPSS 0.00021
Exploits 1 | References 4 | Affected Software 1
Debian CVE
added 2026/03/07 4:28 p.m. | 4 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 | AI score 7.7 | EPSS 0.00021
Exploits 1
OSV
added 2026/03/07 4:28 p.m. | 2 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 6.9 | AI score 5.7 | EPSS 0.00021
Exploits 1 | References 5
AlpineLinux
added 2026/03/07 4:28 p.m. | 0 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 7.5 | AI score 5.7 | EPSS 0.00021
Exploits 1
RedhatCVE
added 2026/03/07 1:44 a.m. | 3 views

CVE-2026-28463

OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via glob patterns or environment variables. Authorized callers or prompt-injection attacks can exploit...

CVSS 8.6 | AI score 5.9 | EPSS 0.00023
Exploits 0 | References 1
CNNVD
added 2026/03/07 12:00 a.m. | 2 views

Caddy information disclosure vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy from 2.7.5 to 2.11.2 had a vulnerability related to information leakage. This vulnerability stemmed from the vars_regexp matcher's double expansion of user inputs, which could lead to the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00021
Exploits 1 | References 3
Snyk
added 2026/03/06 11:40 p.m. | 0 views

Header Injection

Overview: Affected versions of this package are vulnerable to Header Injection in the vars_regexp matcher. An attacker can access sensitive environment variables, file contents, or system information by injecting specially crafted placeholders such as env. or file. into HTTP request headers, which...

CVSS 7.5 | AI score 5.8 | EPSS 0.00021
Exploits 1 | References 2
Github Security Blog
added 2026/03/06 11:40 p.m. | 4 views

Caddy's vars_regexp double-expands user input, leaking env vars and files

Summary: The vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the header value gets resolved once (expected), then passed through repl.ReplaceAll again (the bug). This mean...

CVSS 7.5 | AI score 5.8 | EPSS 0.00021
Exploits 1 | References 5 | Affected Software 1
OSV
added 2026/03/06 11:40 p.m. | 0 views

GHSA-M2W3-8F23-HXXF Caddy's vars_regexp double-expands user input, leaking env vars and files

Summary: The vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the header value gets resolved once (expected), then passed through repl.ReplaceAll again (the bug). This mean...

CVSS 6.9 | AI score 5.8 | EPSS 0.00021
Exploits 1 | References 5
Snyk
added 2026/03/06 11:40 p.m. | 3 views

Header Injection

Overview: Affected versions of this package are vulnerable to Header Injection in the vars_regexp matcher. An attacker can access sensitive environment variables, file contents, or system information by injecting specially crafted placeholders such as env. or file. into HTTP request headers, which...

CVSS 7.5 | AI score 5.8 | EPSS 0.00021
Exploits 1 | References 2
IBM Security Bulletins
added 2026/03/06 7:51 p.m. | 4 views

Security Bulletin: IBM Planning Analytics Advanced Certified Containers is vulnerable to a sensitive information disclosure vulnerability

Summary: A vulnerability was addressed in IBM Planning Analytics Advanced Certified Containers. Vulnerability Details: CVEID: CVE-2025-36105. DESCRIPTION: IBM Planning Analytics Advanced Certified Containers could allow a local privileged user to obtain sensitive information from environment variable...

CVSS 4.4 | AI score 5.8 | EPSS 0.00007
Exploits 0 | Affected Software 1
OSV
added 2026/03/06 12:43 p.m. | 3 views

OESA-2026-1529 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures (30 days in default configurations), the...

CVSS 8.3 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 5
OSV
added 2026/03/06 12:43 p.m. | 3 views

OESA-2026-1528 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An integer overflow vulnerability was found in Apache HTTP Server versions 2.4.30 to 2.4.66. In case of failed ACME certificate renewal, after a number of failures (30 days in default configurations), the...

CVSS 8.3 | AI score 7.1 | EPSS 0.00145
Exploits 0 | References 5