9211 matches found
WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow
Summary An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint...
GHSA-GRH9-37G7-53MJ WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow
Summary An Open Redirect vulnerability exists in the OAuth authentication flow that allows attackers to redirect users to external malicious websites after authentication. The vulnerability is caused by insufficient validation of the return parameter in the OAuth login initialization endpoint...
GHSA-6JR7-99PF-8VGF @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Impact When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. Patches Upgrade to @backstage/plugin-techdocs-node version 1.13.11, 1.14.1...
Updated docker-containerd packages fix security vulnerabilities
It was discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. CVE-2024-25621 It was discovered that containerd did not properly handle the execution of the goroutine of container attach...
MGASA-2026-0030 Updated docker-containerd packages fix security vulnerabilities
It was discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. CVE-2024-25621 It was discovered that containerd did not properly handle the execution of the goroutine of container attach...
@backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator
Impact A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with techdocs.generator.runIn: local. When processing documentation from untrusted sources, symlinks within the docs directory are...
GHSA-W669-JJ7H-88M9 @backstage/plugin-techdocs-node vulnerable to possible Path Traversal in TechDocs Local Generator
Impact A path traversal vulnerability in the TechDocs local generator allows attackers to read arbitrary files from the host filesystem when Backstage is configured with techdocs.generator.runIn: local. When processing documentation from untrusted sources, symlinks within the docs directory are...
PT-2026-6421
Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. Many API routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...
OpenClaw Operating System Command Injection Vulnerability
OpenClaw is an open-source artificial intelligence assistant from openclaw. OpenClaw has an operating system command injection vulnerability. The vulnerability stems from insecure handling of the PATH environment variable when the Docker sandbox execution mechanism constructs shell commands,...
PT-2026-5722
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.1.29 Description A command injection issue exists in the Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user with th...
EulerOS 2.0 SP13 : docker-runc (EulerOS-SA-2026-1208)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...
EulerOS 2.0 SP13 : docker-runc (EulerOS-SA-2026-1220)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 throug...
Exploit for Unrestricted Upload of File with Dangerous Type in Gvectors Wpdiscuz
wpDiscuz-7.0.4-PoC-RCE - wpDiscuz 7.0.4 - Unauthenticated RCE...
GHSA-XVQR-69V8-F3GV vulnerabilities
Vulnerabilities for packages: timescaledb-tune, mongodb-kubernetes-operator, kubernetes-dns-node-cache, maru, nri-postgresql, influx, cilium-cli, crossplane-provider-aws-elasticache, flux-image-automation-controller, chart-testing, govulncheck, thanos-operator, kubernetes-replicator,...
GHSA-GR56-3GP6-6GMJ vulnerabilities
Vulnerabilities for packages: git-credential-oauth, s5cmd, nerdctl, crossplane-provider-aws-sns, helm-operator, minio, newrelic-infra-operator, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-gcp, ctop, gitness, mongodb-kubernetes-operator, rancher-machine,...
GHSA-CM6P-QC7V-M3JW vulnerabilities
Vulnerabilities for packages: timescaledb-tune, mongodb-kubernetes-operator, kubernetes-dns-node-cache, maru, nri-postgresql, influx, cilium-cli, crossplane-provider-aws-elasticache, flux-image-automation-controller, chart-testing, govulncheck, thanos-operator, kubernetes-replicator,...
CVE-2025-68119 vulnerabilities
Vulnerabilities for packages: timescaledb-tune, mongodb-kubernetes-operator, kubernetes-dns-node-cache, maru, nri-postgresql, influx, cilium-cli, crossplane-provider-aws-elasticache, flux-image-automation-controller, chart-testing, govulncheck, thanos-operator, kubernetes-replicator,...
GHSA-GM9R-Q53W-2GH4 vulnerabilities
Vulnerabilities for packages: git-credential-oauth, s5cmd, nerdctl, crossplane-provider-aws-sns, helm-operator, minio, newrelic-infra-operator, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-gcp, gitness, rancher-machine, mongodb-kubernetes-operator, container-object-storage-interfac...
CVE-2025-61726 vulnerabilities
Vulnerabilities for packages: git-credential-oauth, s5cmd, nerdctl, crossplane-provider-aws-sns, helm-operator, minio, newrelic-infra-operator, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-gcp, gitness, rancher-machine, mongodb-kubernetes-operator, container-object-storage-interfac...
CVE-2026-25116
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...