Lucene search
K

2333 matches found

EUVD
EUVD
added 2026/02/26 1:57 a.m.7 views

EUVD-2026-8820

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

4.3CVSS5.5AI score0.00185EPSS
Exploits0References3
OSV
OSV
added 2026/02/26 1:57 a.m.6 views

CVE-2026-27968 Packistry accepts expired access tokens

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

4.3CVSS5.9AI score0.00185EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/26 1:57 a.m.24 views

CVE-2026-27968 Packistry accepts expired access tokens

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

4.3CVSS0.00185EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.12 views

PT-2026-22108

Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could...

4.3CVSS5.5AI score0.00185EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/25 4:16 p.m.8 views

CVE-2026-27208

bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...

9.2CVSS6AI score0.00655EPSS
Exploits0References1
OSV
OSV
added 2026/02/25 3:47 p.m.5 views

CVE-2026-22866 ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

6.9CVSS5.9AI score0.00177EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/25 3:31 p.m.5 views

EUVD-2026-8636

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.9CVSS5.4AI score0.00332EPSS
Exploits0References2
OSV
OSV
added 2026/02/25 1:16 p.m.4 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

9.1CVSS5.8AI score0.00332EPSS
Exploits0References1
NVD
NVD
added 2026/02/25 1:16 p.m.6 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

9.1CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 12:22 p.m.14 views

CVE-2026-0704

CVE-2026-0704 (Octopus Deploy) is described across multiple sources as a vulnerability where a lack of input validation on an API endpoint could allow removing files or their contents on the host, potentially bypassing workflows. The affected product is consistently identified as Octopus Deploy; ...

9.1CVSS5.4AI score0.00332EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 12:22 p.m.4 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

9.1CVSS5.4AI score0.00332EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 12:22 p.m.3 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.9CVSS5.4AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/25 12:22 p.m.21 views

CVE-2026-0704

In affected version of Octopus Deploy it was possible to remove files and/or contents of files on the host using an API endpoint. The field lacked validation which could potentially result in ways to circumvent expected workflows...

5.9CVSS0.00332EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.11 views

PT-2026-21900

Name of the Vulnerable Software and Affected Versions Octopus Deploy affected versions not specified Description A lack of validation in a field within Octopus Deploy allowed for the removal of files and/or their contents on the host system via an API endpoint. This could potentially bypass...

9.1CVSS6AI score0.00332EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

Octopus Deploy 安全漏洞

Octopus Deploy is an automated tool developed by the Australian company Octopus, used for the development and deployment of applications in .NET, Java, and other programming languages. There is a security vulnerability in Octopus Deploy, which stems from the lack of validation in the API endpoint...

9.1CVSS5.8AI score0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 1:52 p.m.10 views

CVE-2026-27208

Bleon-ethical/api-gateway-deploy is affected in v1.0.0 by OS Command Injection and Privilege Escalation that can grant root privileges inside the container, potentially enabling container escape and unauthorized infra changes. The issue is fixed in v1.0.1 through: (1) strict input sanitization an...

9.2CVSS6AI score0.00655EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.7 views

api-gateway-deploy 安全漏洞

api-gateway-deploy is an API gateway for Bleon-ethical individual developers. Version 1.0.0 of api-gateway-deploy contains a security vulnerability. This vulnerability stems from an attack chain involving operating system command injection and privilege escalation, which could allow attackers to...

9.2CVSS6AI score0.00655EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/02/18 3:5 p.m.5 views

nemo-eval (=0.2.0rc0), nemo-export-deploy (>=0.2.0 <=0.3.1) potentially affected by CVE-2025-33240 via megatron-bridge (=0.2.0rc6)

megatron-bridge PYPI version =0.2.0rc6 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-bridge and may be impacted: - nemo-eval =0.2.0rc0 - nemo-export-deploy =0.2.0, =0.3.1 Source cves: CVE-2025-33240 Source advisory:...

7.8CVSS5.8AI score0.00201EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/18 3:5 p.m.3 views

nemo-eval (=0.2.0rc0), nemo-export-deploy (>=0.2.0 <=0.3.1) potentially affected by CVE-2025-33239 via megatron-bridge (=0.2.0rc6)

megatron-bridge PYPI version =0.2.0rc6 is affected by a known vulnerability. The following packages have a transitive dependency on megatron-bridge and may be impacted: - nemo-eval =0.2.0rc0 - nemo-export-deploy =0.2.0, =0.3.1 Source cves: CVE-2025-33239 Source advisory:...

7.8CVSS5.8AI score0.00197EPSS
Exploits0
OSV
OSV
added 2026/02/05 7:15 p.m.3 views

CVE-2025-15327

Tanium addressed an improper access controls vulnerability in Deploy...

4.3CVSS5.8AI score0.00238EPSS
Exploits0References1
Rows per page
Query Builder