CVE-2025-13428
CVE-2025-13428 affects the SecOps SOAR server. The vulnerability arises from weak validation of uploaded Python package code in custom integrations, allowing an authenticated user with an IDE role to achieve Remote Code Execution (RCE) via a malicious setup.py during installation. Impact is serve...
CVE-2019-19084
In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...
Code injection
It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...
Teltonika TRB245 Improper Input Validation Vulnerability
Teltonika TRB245 is a cellular network gateway product from Teltonika Lithuania. An improper input validation vulnerability exists in the firmware TRB2R00.02.04.01 of the Teltonika TRB245. A remote attacker can exploit this vulnerability to gain root privileges by uploading a malicious package fi...