4 matches found
CVE-2026-45663
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...
Dokploy Security Vulnerability
Dokploy is open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.1 contain security vulnerabilities. These vulnerabilities stem from the destinationPath parameter in the Docker file upload function not being properly sanitized and being directly inserted into the shell...
Keybase: Privilege Escalation through Keybase Installer via Helper
Keybase.app is bundled with the components installer named KeybaseInstaller.app. When --install-app-bundle --source-path --app-path is given to the installer, KBAppBundle.m checks if is properly codesigned, then copies it to . First, there are two vulnerabilities in the source path validation: the chec...
Buffer overflow
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog FileD Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value...