CVE-2026-22188

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

CVE-2026-22188 Panda3D <= 1.10.16 Deploy-Stub Stack Exhaustion via Unbounded alloca()

The deploy-stub component in Panda3D versions up to and including 1.10.16 contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argvcopy and argvcopy2 using alloca based directly on the attacker-controlled argc value without validation...

CVE-2025-62327

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2025-62327

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2025-62327

The CVE-2025-62327 affects HCL DevOps Deploy versions 8.1.2.0 through 8.1.2.3. A user with LLM configuration privileges may recover credentials saved for performing authenticated LLM Queries, indicating improper access control around LLM credentials. Root cause described across sources is insuffi...

CVE-2025-62327 HCL DevOps Deploy is susceptible to insufficiently protected credentials

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2025-62327 HCL DevOps Deploy is susceptible to insufficiently protected credentials

In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries...

CVE-2022-27210

A cross-site request forgery CSRF vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVE-2025-1997

IBM UrbanCode Deploy UCD 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentiall...

CVE-2025-1998

IBM UrbanCode Deploy UCD through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.0 / IBM DevOps Deploy 8.0 through 8.0.1.4 and 8.1 through 8.1 stores potentially sensitive authentication token information in log files that could be read by a local user...

HCL DevOps Deploy 安全漏洞

HCL DevOps Deploy is an application from HCL India. It can be mapped to your organizational structure using flexible team-based and role-based security models. A security vulnerability exists in HCL DevOps Deploy versions 8.1.2.0 through 8.1.2.3, which stems from improperly configured permissions...

PT-2026-2162

Name of the Vulnerable Software and Affected Versions Panda3D versions up to and including 1.10.16 Description Panda3D deploy-stub contains a denial of service condition resulting from unbounded stack allocation. The deploy-stub executable uses alloca to allocate argv copy and argv copy2 based on...

Panda3D 安全漏洞

Panda3D is a cross-platform game engine from Panda3D open source. A security vulnerability exists in Panda3D 1.10.16 and earlier versions, which stems from the presence of an unbounded stack allocation in deploy-stub, which may lead to stack space exhaustion and process crash...

PT-2026-1838

Name of the Vulnerable Software and Affected Versions HCL DevOps Deploy versions 8.1.2.0 through 8.1.2.3 Description A user possessing LLM configuration privileges may be able to recover credentials previously saved for authenticated LLM Queries. Recommendations Update HCL DevOps Deploy to a...

Malicious code in chai-as-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6777d6fb72a2a1e304855ebdd4aa8f8e5e8410136ebcc580b71b5e5f4152eaf2 The package chai-as-deploy was found to contain malicious code...

EUVD-2025-204931

Malicious code in chai-as-deploy npm...

MAL-2025-192722 Malicious code in chai-as-deploy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6777d6fb72a2a1e304855ebdd4aa8f8e5e8410136ebcc580b71b5e5f4152eaf2 The package chai-as-deploy was found to contain malicious code...

HCL Launch和HCL DevOps Deploy 安全漏洞

HCL Launch and HCL DevOps Deploy are both products of HCL India.HCL Launch is a multi-functional, enterprise-grade continuous delivery automation software. Used to handle the most complex deployment processes in DevOps.HCL DevOps Deploy is an application. Can be mapped to your organizational...

CVE-2025-13489

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.3 IBM DevOps Deploy transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques...

CVE-2025-36360

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...