5 matches found
CVE-2026-29185
Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that...
CVE-2026-29185 @backstage/integration: Potential reading of SCM URLs using built in token
Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encoded form to be included in file paths. When these URLs were processed by integration functions that...
CVE-2023-29055
CVE-2023-29055 affects Apache Kylin 2.0.0–4.0.3, where the Server Config web interface can display the contents of kylin.properties. When accessed over HTTP (or other plaintext protocols), network sniffers may intercept the payload and access potential server-side credentials. The root cause is t...
Debian DLA-1464-1 : postgresql-9.4 security update
An unprivileged user of dblink or postgres_fdw could bypass the checks intended to prevent use of server-side credentials, such as a ~/.pgpass file owned by the operating-system user running the server. Servers allowing peer authentication on local connections are particularly vulnerable. Other...
[SECURITY] [DLA 1464-1] postgresql-9.4 security update
Package : postgresql-9.4 Version : 9.4.19-0+deb8u1 CVE ID : CVE-2018-10915 An unprivileged user of dblink or postgres_fdw could bypass the checks intended to prevent use of server-side credentials, such as a ~/.pgpass file owned by the operating-system user running the server. Servers allowing peer...