24 matches found
CVE-2026-4881
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
PT-2026-46172
In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...
Octopus Server security vulnerability
Octopus Server is a deployment automation and release management tool provided by the Australian company Octopus, used for continuous delivery. The affected versions of Octopus Server have a security vulnerability. This vulnerability stems from incorrect permission checks, allowing any...
EUVD-2026-26711
Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame...
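The failure mode in this entry is a decompression bomb: a permessage-deflate frame that is a few kilobytes on the wire but inflates to hundreds of megabytes, so one message exhausts the heap. The following is an added example, not Bandit's code (Bandit is Elixir; this is Python's zlib, which exposes the same DEFLATE primitives). It builds a constructed bomb frame, shows the unbounded inflate that is the vulnerable pattern, and the bounded inflate that rejects the frame before allocating past a cap. The cap value and the helper names are this example's assumptions, not Bandit's settings.

```python
import zlib

# Cap on the inflated size of a single WebSocket message. Hypothetical value chosen
# for this example; it is not Bandit's setting or default.
MAX_INFLATED_BYTES = 1 * 1024 * 1024


class InflatedTooLarge(Exception):
    """Raised when a frame would inflate past the configured cap."""


def make_bomb(plain_size: int) -> bytes:
    """Constructed test input: a raw-DEFLATE stream (the encoding permessage-deflate
    carries) that is tiny on the wire but inflates to plain_size bytes of zeros."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
    return comp.compress(b"\0" * plain_size) + comp.flush()


def inflate_unbounded(frame: bytes) -> bytes:
    """The vulnerable pattern: inflate whatever the peer sent with no cap on output.
    A few kilobytes on the wire become as many bytes on the heap as the sender chose."""
    d = zlib.decompressobj(-zlib.MAX_WBITS)
    return d.decompress(frame) + d.flush()


def inflate_bounded(frame: bytes, limit: int = MAX_INFLATED_BYTES) -> bytes:
    """The hardened pattern: ask zlib for at most limit+1 bytes of output. If more than
    limit came back, or zlib still holds input it could not consume within that budget,
    the message is over the cap and is rejected before anything else is allocated."""
    d = zlib.decompressobj(-zlib.MAX_WBITS)
    out = d.decompress(frame, limit + 1)
    if len(out) > limit or d.unconsumed_tail:
        raise InflatedTooLarge(f"frame inflates past {limit} bytes")
    return out + d.flush()


def rejected(frame: bytes, limit: int = MAX_INFLATED_BYTES) -> bool:
    """True if the bounded inflater refuses the frame."""
    try:
        inflate_bounded(frame, limit)
    except InflatedTooLarge:
        return True
    return False


if __name__ == "__main__":
    bomb = make_bomb(64 * 1024 * 1024)
    print(f"{len(bomb)} bytes on the wire -> {len(inflate_unbounded(bomb))} bytes inflated")
    print("bounded inflater rejects it:", rejected(bomb))
```

The bound has to be applied per message, not per frame: a sender can also spread a bomb across continuation frames, so whatever accumulates fragments must count the inflated total against the same cap.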
CVE-2026-5766
An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...
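The root cause class here is enforcing a size limit against a client-supplied header instead of against the bytes actually received. The following is an added example, not Django's code or its fix: it contrasts a reader that checks Content-Length once and then trusts it with a reader that counts bytes as they arrive and stops at the first chunk over the limit. The small cap, the chunk list and the lying header are constructed inputs for the example (Django's real FILE_UPLOAD_MAX_MEMORY_SIZE default is 2621440 bytes).

```python
from typing import Iterable, Optional

# Hypothetical in-memory cap for this example; small so the demo is cheap.
MAX_MEMORY = 4096


class BodyRejected(Exception):
    """Raised when a request body must not be buffered in memory."""


def header_checked_read(chunks: Iterable[bytes], content_length: Optional[int], limit: int) -> bytes:
    """The bypassable pattern: decide once, from Content-Length, whether the body fits,
    then read the whole stream. A missing header skips the check; an understated header
    passes it and the real body is then read in full."""
    if content_length is not None and content_length > limit:
        raise BodyRejected(f"declared {content_length} > {limit}")
    return b"".join(chunks)


def bytes_checked_read(chunks: Iterable[bytes], content_length: Optional[int], limit: int) -> bytes:
    """The hardened pattern: the header is only an early-exit hint. The limit is enforced
    on bytes actually received, and reading stops at the first chunk that crosses it, so
    the oversized remainder is never buffered (a real server would spill to disk instead
    of raising, but the counting is the same)."""
    if content_length is not None and content_length > limit:
        raise BodyRejected(f"declared {content_length} > {limit}")
    buf = bytearray()
    for chunk in chunks:
        buf += chunk
        if len(buf) > limit:
            raise BodyRejected(f"received {len(buf)} > {limit}")
    if content_length is not None and len(buf) != content_length:
        # Body and header disagree: treat as malformed rather than trusting either.
        raise BodyRejected(f"received {len(buf)} but header declared {content_length}")
    return bytes(buf)


def rejects(reader, chunks, content_length, limit: int = MAX_MEMORY) -> bool:
    """True if the reader refuses to buffer this body."""
    try:
        reader(chunks, content_length, limit)
    except BodyRejected:
        return True
    return False


# Constructed request: ten 1 KiB chunks (10 KiB total) arriving over an ASGI-style
# receive loop while the client claims Content-Length: 100.
BODY_CHUNKS = [b"A" * 1024] * 10
LYING_CONTENT_LENGTH = 100

if __name__ == "__main__":
    print("header-only check bypassed:", not rejects(header_checked_read, BODY_CHUNKS, LYING_CONTENT_LENGTH))
    print("byte-counting check holds:", rejects(bytes_checked_read, BODY_CHUNKS, LYING_CONTENT_LENGTH))
    print("no header, byte-counting check holds:", rejects(bytes_checked_read, BODY_CHUNKS, None))
```

The same principle applies to any framework-level limit (DATA_UPLOAD_MAX_MEMORY_SIZE, max multipart parts, and so on): the limit must be checked where the bytes are consumed, because under ASGI the body arrives as a sequence of receive events whose total is only known once they have been read.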
CVE-2026-3564
A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios...
CVE-2026-3564
CVE-2026-3564 affects ConnectWise ScreenConnect. A condition in ScreenConnect may allow an attacker who already has access to server‑level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios. Red Hat, EUVD, NVD, and CVE...
CVE-2019-15035
An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could get access to potentially confidential server-level data. The issue was fixed in TeamCity 2018.2.5 and 2019.1...
Spyware Vendor Hacked
A Brazilian spyware app vendor was hacked by activists: In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws...
GHSA-8274-H5JP-97VR Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack
Impact Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a Laminas\Diactoros\Uri instance associated with the incoming server request modified to reflect values from X-Forwarded-...
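The standard mitigation for this class of bug is to honor X-Forwarded-* headers only when the TCP peer is a proxy you control; from any other peer they are attacker-controlled input and are ignored. The following is an added example in Python, not Diactoros' code (Diactoros is PHP) and not its fix: it resolves the request's effective scheme, host and port from the Host header and overlays the forwarded values only for peers inside a trusted-proxy list. The proxy ranges, header sets and hostname check are this example's assumptions; IPv6 host literals are deliberately out of scope.

```python
import ipaddress
import re
from typing import Dict, Iterable, Optional, Tuple

# Hypothetical trusted proxy ranges for this example. A real deployment lists only the
# reverse proxies that actually terminate client connections.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("127.0.0.1/32")]

# Hostnames only (letters, digits, dots, hyphens); bracketed IPv6 literals are rejected.
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def _split_host_port(value: str) -> Tuple[str, Optional[int]]:
    """'app.example:8443' -> ('app.example', 8443); a bare host -> (host, None)."""
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit() and 0 < int(port) < 65536:
        return host, int(port)
    return value, None


def resolve_origin(headers: Dict[str, str], peer_ip: str,
                   trusted: Iterable = TRUSTED_PROXIES) -> Tuple[str, str, Optional[int]]:
    """Return (scheme, host, port). Starts from the Host header and the direct connection
    and overlays X-Forwarded-Proto/Host/Port only when the TCP peer is a trusted proxy.
    Anyone can send those headers, so from an untrusted peer they are ignored outright."""
    headers = {k.lower(): v for k, v in headers.items()}
    scheme = "http"
    host, port = _split_host_port(headers.get("host", ""))

    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted):
        return scheme, host, port

    # First element of each list is the value set by the proxy nearest the client.
    proto = headers.get("x-forwarded-proto", "").split(",")[0].strip().lower()
    if proto in ("http", "https"):
        scheme = proto
    fwd_host = headers.get("x-forwarded-host", "").split(",")[0].strip()
    if fwd_host:
        h, p = _split_host_port(fwd_host)
        if _HOST_RE.match(h):
            host, port = h, p
    fwd_port = headers.get("x-forwarded-port", "").split(",")[0].strip()
    if fwd_port.isdigit() and 0 < int(fwd_port) < 65536:
        port = int(fwd_port)
    return scheme, host, port


def absolute_url(headers: Dict[str, str], peer_ip: str, path: str = "/") -> str:
    """The URL an application would embed in, e.g., a password-reset e-mail."""
    scheme, host, port = resolve_origin(headers, peer_ip)
    default = {"http": 80, "https": 443}[scheme]
    authority = host if port in (None, default) else f"{host}:{port}"
    return f"{scheme}://{authority}{path}"


# Constructed requests. The first is what an internal proxy forwards; the second is the
# same header set sent straight from the internet by an attacker.
VIA_PROXY = {"Host": "10.0.0.5:8080", "X-Forwarded-Host": "app.example",
             "X-Forwarded-Proto": "https", "X-Forwarded-Port": "8443"}
SPOOFED = {"Host": "app.example", "X-Forwarded-Host": "attacker.example",
           "X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    print("from trusted proxy :", absolute_url(VIA_PROXY, "10.0.0.2", "/reset?token=..."))
    print("from untrusted peer:", absolute_url(SPOOFED, "203.0.113.9", "/reset?token=..."))
```

If the application is reachable without a proxy at all, the trusted list should be empty, which makes the forwarded headers inert; the dangerous configuration is honoring them unconditionally.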
Mail.ru: OS command injection on seedr.ru
site: https://seedr.ru The seedid parameter appears to be vulnerable to OS command injection attacks. It is possible to use various shell metacharacters to inject arbitrary OS commands. The command output does not appear to be returned in the application's responses, however it is possible to inject time...
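The report describes blind command injection confirmed through time delays: the attacker never sees output, only a slower response when a sleep is spliced into the command. The following is an added example, not code from the report or from seedr.ru, showing the injectable pattern (parameter concatenated into a shell string), the hardened pattern (allowlist validation plus an argv list that never touches a shell), and the quoting fallback for when a shell is unavoidable. The tool path, the allowlist and the probe payload are this example's assumptions.

```python
import re
import shlex
import subprocess
from typing import List, Optional

# Allowlist for the identifier. Hypothetical: the report does not say what a valid
# seedid looks like, so this assumes an opaque token of letters, digits, '-' and '_'.
SEED_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# A typical time-based probe for blind injection (constructed for the example): the
# output never comes back, so the tester measures the delay instead.
TIME_PROBE = "1; sleep 10 #"

TOOL = "/usr/local/bin/seedtool"  # hypothetical backend binary


def vulnerable_command_line(seedid: str) -> str:
    """The injectable pattern: splice the parameter into a shell command string. Run via
    shell=True or os.system, the ';' ends the intended command and 'sleep 10' runs next."""
    return f"{TOOL} --id {seedid}"


def seedid_is_valid(seedid: str) -> bool:
    return SEED_ID_RE.fullmatch(seedid) is not None


def safe_argv(seedid: str) -> Optional[List[str]]:
    """The hardened pattern: validate against the allowlist, then pass the value as its
    own argv element so no shell ever parses it. Returns None for rejected input."""
    if not seedid_is_valid(seedid):
        return None
    return [TOOL, "--id", seedid]


def quoted_command_line(seedid: str) -> str:
    """Fallback when a shell is unavoidable (e.g. a legacy wrapper script): shlex.quote
    makes the whole value one shell word, so metacharacters are data, not syntax. Keep
    the allowlist as well; quoting alone does not stop a value such as '--help' from
    being parsed as an option by the tool itself."""
    return f"{TOOL} --id {shlex.quote(seedid)}"


def shell_words(cmd: str) -> List[str]:
    """Word boundaries a POSIX shell would see. shlex.split does not treat ';' as a
    command separator, so this shows only that the probe becomes several words in the
    vulnerable string and a single word in the quoted one."""
    return shlex.split(cmd)


def run_seedtool(seedid: str) -> subprocess.CompletedProcess:
    """How the hardened path is invoked: argv list, no shell=True."""
    argv = safe_argv(seedid)
    if argv is None:
        raise ValueError("invalid seedid")
    return subprocess.run(argv, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_command_line(TIME_PROBE))
    print("words     :", shell_words(vulnerable_command_line(TIME_PROBE)))
    print("quoted    :", quoted_command_line(TIME_PROBE))
    print("argv      :", safe_argv(TIME_PROBE))
```

Rejecting at validation is preferable to quoting because it also catches option injection and keeps the backend tool's attack surface to the values the application actually expects.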
GHSA-2XM2-XJ2Q-QGPJ receiving subscription objects with deleted session
Original Message: Hi, I create objects with one client with an ACL of all users with a specific column value. That's working so far. Then I deleted the session object from one user to see if he can receive subscription objects and he can receive them. The client with the deleted session can't crea...
What You Should Know About Side-Channel Attacks, Like Meltdown
“The light is on in their window. They must be home.” This is a classic example of a side information channel. They didn’t TELL you they were home. But the side effect of them being home in the evening is the light in the window — which is how you’re pretty sure they are home even though this...
EAP: Sensitive data can be exposed at the server level in domain mode
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information...