CVE-2026-45628

Dokploy (PaaS) vulnerability CVE-2026-45628 affects version 0.29.2 and earlier. The root cause is unescaped interpolation of user-supplied branch names, repo URLs, and Docker credentials into shell commands constructed with JavaScript template literals and executed via child_process.exec (shell /...

Dokploy 命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.29.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the use of JavaScript template literal expressions to construct shell commands, which were executed via...

EUVD-2026-32535

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

osbuild-composer security update

149-4.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...

Arbtirary Command Execution

composer/composer is vulnerable to arbitrary command execution. A missing argument delimiter allows an attacker to inject and execute arbitrary commands via VCS repository URLs or source download URLs on systems with Mercurial...

CVE-2021-29472 Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...

SUSE: Security Advisory (SUSE-SU-2020:3147-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3147-1)

This update for rmt-server fixes the following issues : Version 2.6.5 Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one. Version 2.6.4 Add web server settings to /etc/rmt.conf: Now it's...

SUSE SLED12 / SLES12 Security Update : libsolv, libzypp, zypper (SUSE-SU-2019:2265-1)

This update for libsolv, libzypp and zypper fixes the following issues : libsolv was updated to version 0.6.36 and fixes the following issues : Security issues fixed : CVE-2018-20532: Fixed a NULL pointer dereference in testcaseread bsc1120629. CVE-2018-20533: Fixed a NULL pointer dereference in...

Debian: Security Advisory (DSA-3940-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...