CVE-2026-27130

Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...

EUVD-2026-30809

Dokploy is a free, self-hostable Platform as a Service PaaS. Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input sanitization, lack of schema validation and direct shell interpolation. User-controlled application...

PT-2026-41737

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.7 Description OS command injection occurs due to inadequate input sanitization, lack of schema validation, and direct shell interpolation. User-controlled application names are processed by the cleanAppName...

CVE-2023-34089 Decidim Cross-site Scripting vulnerability in the processes filter

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code ...

PT-2023-23967 · Decidim · Decidim

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.26.7 Decidim versions prior to 0.27.3 Description: The external link feature in Decidim is susceptible to cross-site scripting, allowing a remote attacker to execute JavaScript code in the context of a currently...

PT-2023-24662 · Decidim · Decidim

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.26.7 Decidim versions prior to 0.27.3 Description: The processes filter feature in Decidim is susceptible to Cross-site scripting, allowing a remote attacker to execute JavaScript code in the context of a currently...