Lucene search

8000 matches found

Vulnrichment
added 2025/07/07 3:55 p.m. · 4 views

CVE-2025-53376 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...

CVSS 8.7 · AI score 7.3 · EPSS 0.01116
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/07 12:0 a.m. · 2 views

PT-2025-28204 · Dokploy · Dokploy

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.23.7
Description: Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS comman...

CVSS 8.7 · AI score 7.3 · EPSS 0.01116
Exploits: 0 · References: 6

RedhatCVE
added 2025/07/04 4:24 p.m. · 8 views

CVE-2025-20308

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker...

CVSS 6.7 · AI score 7.1 · EPSS 0.00174
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/04 2:22 p.m. · 8 views

CVE-2025-27026

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

CVSS 4.9 · AI score 6.2 · EPSS 0.00335
Exploits: 0 · References: 1

NVD
added 2025/07/03 9:15 p.m. · 4 views

CVE-2025-49005

Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component (RSC) payloa...

CVSS 3.7 · EPSS 0.00403
Exploits: 1 · References: 5

OSV
added 2025/07/03 9:1 p.m. · 5 views

CVE-2025-49005 Next.js cache poisoning due to omission of Vary header

Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for HTML content to return a React Server Component (RSC) payloa...

CVSS 3.7 · AI score 7.1 · EPSS 0.00403
Exploits: 1 · References: 7

OSV
added 2025/07/03 5:35 a.m. · 5 views

BIT-AZURE-CLI-2023-36052 Azure CLI REST Command Information Disclosure Vulnerability

Azure CLI REST Command Information Disclosure Vulnerability...

CVSS 8.6 · AI score 7 · EPSS 0.21542
Exploits: 0 · References: 2

CNNVD
added 2025/07/03 12:0 a.m. · 3 views

Next.js Environment Issue Vulnerability

Next.js is a React framework open-sourced by Vercel. An environment issue vulnerability exists in Next.js versions prior to 15.3.0 through 15.3.3 and Vercel CLI versions 41.4.1 through 42.2.0, which stems from a cache contamination vulnerability that could result in the return of incorrect conten...

CVSS 3.7 · AI score 7.3 · EPSS 0.00403
Exploits: 1 · References: 6

Positive Technologies
added 2025/07/03 12:0 a.m. · 3 views

PT-2025-27835

Name of the Vulnerable Software and Affected Versions: Next.js versions 15.3.0 through 15.3.2; Vercel CLI versions 41.4.1 through 42.1.0
Description: A cache poisoning issue was found in Next.js App Router and Vercel CLI, allowing page requests for HTML content to return a React Server Component R...

CVSS 3.7 · AI score 7.2 · EPSS 0.00403
Exploits: 1 · References: 14

Tenable Nessus
added 2025/07/03 12:0 a.m. · 3 views

SUSE SLES15 : Recommended update for aws-nitro-enclaves-cli (SUSE-SU-SUSE-RU-2025:02203-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:02203-1 advisory.
- Fix idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243859
- Update to version 1.4.2
- Update...

CVSS 8.8 · AI score 5.5 · EPSS 0.00181
Exploits: 1 · References: 4

Tenable Nessus
added 2025/07/03 12:0 a.m. · 1 view

SUSE SLES15 / openSUSE 15 : Recommended update for aws-nitro-enclaves-cli (SUSE-SU-SUSE-RU-2025:02204-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:02204-1 advisory.
- Fix idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243859
- Update to version 1.4....

CVSS 8.8 · AI score 5.5 · EPSS 0.00181
Exploits: 1 · References: 4

OSV
added 2025/07/03 12:0 a.m. · 1 view

OPENSUSE-SU-2025:15252-1 oci-cli-3.61.0-1.1 on GA media

These are all security issues fixed in the oci-cli-3.61.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.4 · AI score 7.3 · EPSS 0.01557
Exploits: 1 · References: 1

NVD
added 2025/07/02 4:15 p.m. · 6 views

CVE-2025-20308

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker...

CVSS 6.7 · EPSS 0.00174
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/02 4:5 p.m. · 3 views

CVE-2025-20308 Cisco Spaces Connector Privilege Escalation Vulnerability

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker...

CVSS 6 · AI score 7.8 · EPSS 0.00174
Exploits: 0 · References: 1

Cisco
added 2025/07/02 4:0 p.m. · 6 views

Cisco Spaces Connector Privilege Escalation Vulnerability

A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker...

CVSS 6 · AI score 7.2 · EPSS 0.00174
Exploits: 0 · References: 1

NVD
added 2025/07/02 2:15 p.m. · 4 views

CVE-2025-27026

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

CVSS 4.9 · EPSS 0.00335
Exploits: 0 · References: 2

CVE
added 2025/07/02 1:42 p.m. · 19 views

CVE-2025-27026

CVE-2025-27026 affects Infinera G42 version R6.1.3. A missing double‑check feature in the WebGUI CLI deactivation allows an authenticated administrator to disable multiple management interfaces across local and network access. The WebGUI‑driven CLI deactivation not only stops the CLI but also dea...

CVSS 4.9 · AI score 6.3 · EPSS 0.00335
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/07/02 1:42 p.m. · 3 views

CVE-2025-27026 Improper Access Control Granularity impacting Infinera G42

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but...

CVSS 4.9 · AI score 6.8 · EPSS 0.00335
Exploits: 0 · References: 2

OSV
added 2025/07/02 1:42 p.m. · 2 views

SUSE-RU-2025:02204-1 Recommended update for aws-nitro-enclaves-cli

This update for aws-nitro-enclaves-cli fixes the following issues:
- Fix idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243859
- Update to version 1.4.2
- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6
- Update to version 1.3.3git0.afb7264
- Update...

CVSS 8.8 · AI score 6.9 · EPSS 0.00181
Exploits: 1 · References: 3

OSV
added 2025/07/02 1:42 p.m. · 7 views

SUSE-RU-2025:02203-1 Recommended update for aws-nitro-enclaves-cli

This update for aws-nitro-enclaves-cli fixes the following issues:
- Fix idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243859
- Update to version 1.4.2
- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6
- Update to version 1.3.3git0.afb7264
- Update...

CVSS 8.8 · AI score 6.9 · EPSS 0.00181
Exploits: 1 · References: 3