CVE-2026-27968

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

EUVD-2026-8820

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVE-2026-27968 Packistry accepts expired access tokens

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

CVE-2026-27968

CVE-2026-27968 affects Packistry, a self-hosted Composer repository. Before version 0.13.0, RepositoryAwareController::authorize() did not enforce token expiration, allowing an expired deploy token with the correct ability to access repository endpoints (e.g., Composer metadata/download APIs). Th...

PT-2026-22108

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

@eui/deps-base (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408), @eui/deps-base-light (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408) +2 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=19.0.0-next.10 <=19.2.19)

@angular-devkit/build-angular NPM version =19.0.0-next.10, =19.0.0-next.1, =19.0.0-next.1, =19.0.0, =19.0.1 - ng-deploy-oss =19.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

@angular-devkit/build-angular (>=19.0.0 <=19.2.20), @eui/deps-base (>=19.0.0-next.1 <=19.3.14-snapshot-1775028727408) +3 more potentially affected by CVE-2026-27739 via @angular/build (>=19.0.0-next.0 <=19.2.20)

@angular/build NPM version =19.0.0-next.0, =19.0.0, =19.0.0-next.1, =19.0.0-next.1, =19.0.0, =19.0.1 - ng-deploy-oss =19.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARBUILD-15357312...

@eui/deps-base-light-next (>=19.2.2 <=21.0.0-alpha.32), @eui/deps-base-next (>=19.2.2 <=21.0.0-alpha.32) +1 more potentially affected by CVE-2026-27739 via @angular-devkit/build-angular (>=20.0.0-rc.0 <=20.1.0)

@angular-devkit/build-angular NPM version =20.0.0-rc.0, =19.2.2, =19.2.2, =21.0.0-alpha.32 - ng-deploy-oss =20.0.0 Source cves: CVE-2026-27739 Source advisory: SNYK:JS-ANGULARDEVKITBUILDANGULAR-15357315...

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

EUVD-2026-8636

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

CVE-2026-0704

CVE-2026-0704 affects Octopus Deploy. An API endpoint allows removal of files or file contents on the host due to missing input validation in a field, potentially bypassing workflows. CVSS 4.0 base score 5.9 (NETWORK, HIGH complexity, HIGH impact on availability and integrity; confidentiality imp...

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

Octopus Deploy 安全漏洞

Octopus Deploy is an automated tool developed by the Australian company Octopus, used for the development and deployment of applications in .NET, Java, and other programming languages. There is a security vulnerability in Octopus Deploy, which stems from the lack of validation in the API endpoint...

PT-2026-21900

Name of the Vulnerable Software and Affected Versions Octopus Deploy affected versions not specified Description A lack of validation in a field within Octopus Deploy allowed for the removal of files and/or their contents on the host system via an API endpoint. This could potentially bypass...

CVE-2026-27208

Bleon-ethical/api-gateway-deploy is affected in v1.0.0 by OS Command Injection and Privilege Escalation that can grant root privileges inside the container, potentially enabling container escape and unauthorized infra changes. The issue is fixed in v1.0.1 through: (1) strict input sanitization an...