CVE-2026-32847

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

Malicious Package

Overview @cloudplatform-single-spa/ssh-keys is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

GHSA-WWX6-X28X-8259 russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

CVE-2026-45631

Dokploy is a free, self-hostable Platform as a Service PaaS. From 0.27.0 to before 0.29.3, a hardcoded BETTERAUTHSECRET fallback "better-auth-secret-123456789" lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the...

CVE-2026-45631

Dokploy (PaaS) fixed in 0.29.3 a pre-auth admin takeover vulnerability caused by a hardcoded BETTER_AUTH_SECRET fallback (better-auth-secret-123456789) present from 0.27.0 to before 0.29.3. An unauthenticated attacker could forge email verification JWTs, trigger auto-sign-in as admin, and execute...

EUVD-2026-33355

Dokploy is a free, self-hostable Platform as a Service PaaS. From 0.27.0 to before 0.29.3, a hardcoded BETTERAUTHSECRET fallback "better-auth-secret-123456789" lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the...

CVE-2026-45631 Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret

Dokploy is a free, self-hostable Platform as a Service PaaS. From 0.27.0 to before 0.29.3, a hardcoded BETTERAUTHSECRET fallback "better-auth-secret-123456789" lets an unauthenticated attacker forge email verification JWTs, trigger auto-sign-in as admin, and execute commands on the host via the...

libssh security update

An update is available for libssh. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list libssh is a library which implements the SSH protocol. It can be used to...

GHSA-MQ5V-PXPM-8JW2 Froxlor has privilege escalation in SSH key synchronization via symlinked `authorized_keys` path

Summary Froxlor 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without verifying that the target path is not a symbolic...

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model LLM agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an...

OESA-2026-2485 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

[SECURITY] Fedora 44 Update: openbao-2.5.4-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

PT-2026-44935

Name of the Vulnerable Software and Affected Versions Dokploy versions 0.27.0 through 0.29.2 Description A hardcoded fallback for the BETTER AUTH SECRET variable allows an unauthenticated attacker to forge email verification JSON Web Tokens JWTs, which are compact and self-contained ways for...

Dokploy 信任管理问题漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy from 0.27.0 to 0.29.3 had a security vulnerability related to trust management. This vulnerability stemmed from a hardcoded BETTERAUTHSECRET fallback value, which allowed unauthorized attackers to forge email-base...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-39834)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-39834 advisory. - When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflo...

PT-2026-45017

Summary When SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer to send oversized post-decompression packets that should have been rejected. In...

CVE-2026-8697 Improper Authentication Rate Limiting on TP-Link's Archer C64

Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web interface. This enables an attacker to brute-force valid credentials via SSH. Successful...