2333 matches found
EUVD-2026-8820
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968 Packistry accepts expired access tokens
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27968 Packistry accepts expired access tokens
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
PT-2026-22108
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...
CVE-2026-27208
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...
CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation
Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...
EUVD-2026-8636
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
CVE-2026-0704
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
CVE-2026-0704
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
CVE-2026-0704
CVE-2026-0704 (Octopus Deploy) is described across multiple sources as a vulnerability where a lack of input validation on an API endpoint could allow removing files or their contents on the host, potentially bypassing workflows. The affected product is consistently identified as Octopus Deploy; ...
CVE-2026-0704
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
CVE-2026-0704
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
CVE-2026-0704
In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...
PT-2026-21900
Name of the Vulnerable Software and Affected Versions Octopus Deploy affected versions not specified Description A lack of validation in a field within Octopus Deploy allowed for the removal of files and/or their contents on the host system via an API endpoint. This could potentially bypass...
Octopus Deploy 安全漏洞
Octopus Deploy is an automated tool developed by the Australian company Octopus, used for the development and deployment of applications in .NET, Java, and other programming languages. There is a security vulnerability in Octopus Deploy, which stems from the lack of validation in the API endpoint...
CVE-2026-27208
Bleon-ethical/api-gateway-deploy is affected in v1.0.0 by OS Command Injection and Privilege Escalation that can grant root privileges inside the container, potentially enabling container escape and unauthorized infra changes. The issue is fixed in v1.0.1 through: (1) strict input sanitization an...
api-gateway-deploy 安全漏洞
api-gateway-deploy is an API gateway for Bleon-ethical individual developers. Version 1.0.0 of api-gateway-deploy contains a security vulnerability. This vulnerability stems from an attack chain involving operating system command injection and privilege escalation, which could allow attackers to...
nemo-eval (=0.2.0rc0), nemo-export-deploy (>=0.2.0 <=0.3.1) potentially affected by CVE-2025-33240 via megatron-bridge (=0.2.0rc6)
megatron-bridge PYPI version =0.2.0rc6 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-bridge and may be impacted: - nemo-eval =0.2.0rc0 - nemo-export-deploy =0.2.0, =0.3.1 Source cves: CVE-2025-33240 Source advisory:...
nemo-eval (=0.2.0rc0), nemo-export-deploy (>=0.2.0 <=0.3.1) potentially affected by CVE-2025-33239 via megatron-bridge (=0.2.0rc6)
megatron-bridge PYPI version =0.2.0rc6 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-bridge and may be impacted: - nemo-eval =0.2.0rc0 - nemo-export-deploy =0.2.0, =0.3.1 Source cves: CVE-2025-33239 Source advisory:...
CVE-2025-15327
Tanium addressed an improper access controls vulnerability in Deploy...