7856 matches found
CVE-2026-45661
Dokploy
CVE-2026-45661 Dokploy: Remote Code Execution through Path Traversal
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote serve...
Linux Distros Unpatched Vulnerability : CVE-2026-2601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...
PT-2026-44929
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...
PT-2026-44938
Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.6 Description Dokploy is a self-hostable Platform as a Service PaaS containing a path traversal issue. This allows authenticated users to write arbitrary files to the filesystem during application deployment. Whe...
CVE-2026-2601
GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...
PT-2026-47561
Impact Postgres backend schema identifiers were interpolated into SQL strings. In the reviewed code path the schema value is operator-controlled, but the pattern was unsafe if future call sites allowed tenant or request-controlled schema names. Impacted users are operators using the Postgres...
PT-2026-44933
Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.28.9 Description Dokploy is a free, self-hostable Platform as a Service PaaS. An authenticated OS command injection exists in the '/listen-deployment' WebSocket endpoint, which allows any organization member to...
Dokploy 安全漏洞
Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.26.5 contain security vulnerabilities. These vulnerabilities stem from path traversal during the application deployment process, which allows authenticated users to write arbitrary files on the file...
PT-2026-45052
Name of the Vulnerable Software and Affected Versions PraisonAI version 4.6.33 Description The code-generator praisonai.deploy.api.generate api server code creates a Flask API server with authentication disabled by default. When users deploy the server using the command praisonai deploy --type ap...
CVE-2026-44881 Portainer: Arbitrary File Read via Git Symlink Injection in Stack Auto-Update
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a...
CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/
Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...
BIT-GITLAB-2026-2601 Missing Authorization in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...
Important: Red Hat Security Advisory: Red Hat build of MicroShift 4.16.63 security update
Red Hat build of MicroShift release 4.16.63 is now available with updates to packages and images that include a security update. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
PT-2026-44540
Name of the Vulnerable Software and Affected Versions ai-goofish-monitor affected versions not specified Description An unauthenticated arbitrary file read issue exists in Windows deployments. Remote attackers can read arbitrary files by supplying absolute Windows paths or backslash-based travers...
AgentDoG 1.5: A Lightweight and Scalable Alignment Framework for AI Agent Safety and Security
Modern open-world agents such as OpenClaw exhibit powerful cross-environment execution capabilities yet introduce broad new safety risk sources. Meanwhile, advanced frontier AI models drastically lower attack barriers, rendering current agent alignment frameworks inadequate for real-world...
CVE-2026-2601
GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...
UBUNTU-CVE-2026-2601
GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...
Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms
Iran’s Nimbus Manticore hackers used trojanized Zoom installers to deploy malware against US firms during a wider IRGC linked cyber campaign...