14 matches found
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.21.1 of GitHub Enterprise Server, there was a security...
Coder logs sensitive objects unsanitized
Summary: Workspace Agent manifests containing sensitive values were logged in plaintext, unsanitized. Details: By default, Workspace Agent logs are redirected to stderr (https://github.com/coder/coder/blob/a8862be546f347c59201e2219d917e28121c0edb/cli/agent.go#L432-L439). Workspace Agent Manifests containi...
EUVD-2025-0025
Malicious code in bioql PyPI...
EUVD-2022-3783
Malicious code in bioql PyPI...
CVE-2025-53825 Dokploy's Preview Deployments are vulnerable to Remote Code Execution
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This...
GHSA-JV7X-XHV2-P5V2 LaRecipe is vulnerable to Server-Side Template Injection attacks
Impact: Attackers could: 1. Execute arbitrary commands on the server 2. Access sensitive environment variables 3. Escalate access depending on server configuration. A critical vulnerability was discovered in LaRecipe that allows an attacker to perform Server-Side Template Injection (SSTI), potentiall...
Dokploy Security Vulnerability
Dokploy is an open source software from Dokploy Open Source. A security vulnerability exists in Dokploy versions prior to 0.24.3 that stems from arbitrary code execution in the unauthenticated Preview Deployment feature, which could lead to the disclosure of sensitive environment variables...
listmonk's Sprig template injection vulnerability leads to reading of environment variables for low-privilege users
Summary: The env and expandenv template functions, which are enabled by default in Sprig, enable capturing of env variables on the host. While this may not be a problem on single-user super admin installations, on multi-user installations, this allows non-super-admin users with campaign or template...
K000149702: PostgreSQL vulnerabilities CVE-2024-10977 and CVE-2024-10979
Security Advisory Description CVE-2024-10977 Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a...
CVE-2024-11736
A vulnerability was found in Keycloak. Admin users may be able to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like $env.VARNAME or $PROPNAME. The serve...
Information Disclosure
shescape is vulnerable to Information Disclosure. The vulnerability exists in the escapeArgForInterpolation function in cmd.js because the command string is not properly sanitized, which allows an attacker to gain access to potentially sensitive environment variables...
CVE-2005-1205
The CVE-2005-1205 issue is a documented information-disclosure vulnerability in the Microsoft Telnet client across Windows XP, Windows Server 2003, and Windows Services for UNIX. Exploitation arises from handling the Telnet NEW-ENVIRON command (SEND ENV_USERVAR), allowing a remote attacker to rea...
CVE-2005-1205
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command...