CVE-2026-45628

Dokploy (PaaS) vulnerability CVE-2026-45628 affects version 0.29.2 and earlier. The root cause is unescaped interpolation of user-supplied branch names, repo URLs, and Docker credentials into shell commands constructed with JavaScript template literals and executed via child_process.exec (shell /...

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

SUSE-SU-2026:20587-1 Security update for postgresql14

This update for postgresql14 fixes the following issues: Update to version 14.21. Security issues fixed: - CVE-2026-2003: improper validation of type "oidvector" may allow disclose a few bytes of server memory bsc1258008. - CVE-2026-2004: intarray missing validation of type of input to selectivit...

SUSE SLES15 Security Update : postgresql13 (SUSE-SU-2025:4486-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4486-1 advisory. Upgraded to 13.23: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 -...

SUSE-SU-2025:4372-1 Security update for postgresql15

This update for postgresql15 fixes the following issues: Upgraded to 15.15: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS bsc1253332 - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq bsc1253333 Other fixes: - Use...

CVE-2025-12817

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before...

EUVD-2024-0926

Malicious code in bioql PyPI...

CVE-2023-50726

A flaw was found in the Argo CD package. An improper validation bug allows users to sync local manifests on app creation, who have create privileges but not override privileges. All other restrictions, including AppProject restrictions, are still enforced. The only restriction that is not enforce...

CVE-2023-50726 Users with `create` but not `override` privileges can perform local sync in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it...

Argo CD Security Vulnerability

Argo CD is a software application. A declarative GitOps continuous delivery tool for Kubernetes. It continuously monitors running applications and compares the current live state with the desired target state e.g., configuration in a Git repository, automatically synchronizing and deploying...

CVE-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

USN-6230-1 postgresql-9.5 vulnerability

Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor...

USN-6230-1: PostgreSQL vulnerability

Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor...

Ubuntu: Security Advisory (USN-6104-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6104-1 postgresql-10, postgresql-12, postgresql-14, postgresql-15 vulnerabilities

Alexander Lakhin discovered that PostgreSQL incorrectly handled certain CREATE privileges. An authenticated user could possibly use this issue to execute arbitrary code as the bootstrap supervisor. CVE-2023-2454 Wolfgang Walther discovered that PostgreSQL incorrectly handled certain row security...

GHSA-9RJ9-5WCV-XGF2 Roundup Improper Access Control

The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...

Jenkins Favorite Plugin 跨站脚本漏洞

Jenkins and Jenkins Plugin are both products of Jenkins, which is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Configure or Item/Create privileges could be exploited to cause a stored cross-site...

Jenkins 授权问题漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins XebiaLabs XL Deploy Plugin has an authorization issue vulnerability that stems from incorrect privilege checking ...

Jenkins 跨站请求伪造漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins XebiaLabs XL Deploy Plugin suffers from a cross-site request forgery vulnerability that stems from a...

PT-2021-19833 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue arises when an attacker converts a Files Drop link to a federated share, causing problems o...