18 matches found

RedhatCVE
added 2025/09/01 4:17 a.m., 1 view

CVE-2025-54943

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks...

9.8 CVSS, 7 AI score, 0.0008 EPSS
Exploits 0, References 1
NVD
added 2025/08/30 4:15 a.m., 2 views

CVE-2025-54943

A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control checks...

9.8 CVSS, 0.0008 EPSS
Exploits 0, References 1
CVE
added 2025/08/30 3:42 a.m., 8 views

CVE-2025-54943

SUNNET Corporate Training Management System before 10.11 has a missing authorization flaw due to inadequate access control checks, enabling remote deployment of applications. The PT-2025-35337 advisory lists versions prior to 10.11 as affected and recommends upgrading to a version newer than 10.1...

9.8 CVSS, 6.4 AI score, 0.0008 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2025/08/30 12:00 a.m., 1 view

SUNNET Corporate Training Management System Security Vulnerability

SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which stems from a lack of authorization checking and could lead to unauthorized application...

9.8 CVSS, 6.5 AI score, 0.0008 EPSS
Exploits 0, References 2
SUSE CVE
added 2025/03/25 4:00 p.m., 1 view

SUSE CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

5.8 CVSS, 6.9 AI score, 0.00083 EPSS
Exploits 1, References 4
CVE
added 2025/03/24 4:38 p.m., 253 views

CVE-2025-29778

Kyverno (policy engine for cloud-native platforms) contains a vulnerability prior to version 1.14.0-alpha.1 where artifact verification in keyless mode ignores subjectRegExp and IssuerRegExp, allowing deployment of Kubernetes resources signed with an unexpected certificate and potentially full cl...

8 CVSS, 7.1 AI score, 0.00083 EPSS
Exploits 1, References 5, Affected Software 1
OSV
added 2025/03/24 4:38 p.m., 7 views

CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

5.8 CVSS, 5.3 AI score, 0.00083 EPSS
Exploits 1, References 7
CNNVD
added 2025/03/18 12:00 a.m., 1 view

CosmWasm Security Vulnerability

CosmWasm is an open source framework for building smart contracts in Wasm for the Cosmos SDK. A security vulnerability exists in CosmWasm versions prior to v2.2.0, which stems from a lack of runtime capability validation, and allows an attacker to deploy contracts and perform unauthorized...

7.5 CVSS, 6.4 AI score, 0.00921 EPSS
Exploits 0, References 3
Code423n4
added 2023/10/25 12:00 a.m., 6 views

Since the build function in 'Vault721' allows anyone to deploy a new ODProxy for any user without proper checks, it creates a potential exploit.

Lines of code Vulnerability details Impact The ability to freely deploy ODProxy contracts through the Vault721 contract's build function represents a significant security vulnerability. Exploitation of this vulnerability could lead to: Unauthorized Actions: Malicious actors could deploy proxies f...

6.8 AI score
Exploits 0
CNNVD
added 2023/06/16 12:00 a.m., 1 view

Cloud Foundry Log Information Disclosure Vulnerability

Cloud Foundry is a suite of open source Platform-as-a-Service (PaaS) cloud computing platforms from the U.S.-based Cloud Foundry Foundation. The product provides features such as container scheduling, continuous delivery, and automated service deployment. A security vulnerability exists in Cloud...

6.5 CVSS, 6.4 AI score, 0.00243 EPSS
Exploits 0, References 2
Code423n4
added 2023/06/05 12:00 a.m., 8 views

[M-01] Unprotected function in Constructor

Lines of code Vulnerability details Impact anyone can deploy the contract, potentially with malicious intent. Proof of Concept The constructor is not protected by any access control mechanism. Recommended Mitigation Steps Add access control to the constructor, such as an Ownable pattern, to ensur...

6.9 AI score
Exploits 0
NVD
added 2021/08/23 8:15 p.m., 13 views

CVE-2021-22253

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed...

5.4 CVSS, 0.0031 EPSS
Exploits 0, References 3
NVD
added 2020/09/16 6:15 p.m., 13 views

CVE-2020-14306

An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged...

8.8 CVSS, 0.00271 EPSS
Exploits 0, References 2
CNVD
added 2018/05/17 12:00 a.m., 1 view

Octopus Deploy Security Restriction Bypass Vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions prior to 2018.4.7, which stems from the program's failure to check variable scopes for target and tenant labels against a list of tenan...

7.5 CVSS, 6.8 AI score, 0.00222 EPSS
Exploits 0, References 1
CVE
added 2017/06/14 8:00 p.m., 53 views

CVE-2017-8907

Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 are affected by CVE-2017-8907 due to an improper permission check for deployment projects. An authenticated attacker who can log in as a user without edit permission (and with an existing green build plan) can create a deployment project and...

8.8 CVSS, 8.8 AI score, 0.00448 EPSS
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2017/06/14 12:00 a.m., 2 views

PT-2017-18614 · Atlassian · Bamboo

Name of the Vulnerable Software and Affected Versions: Atlassian Bamboo versions 5.x through 5.15.6 Atlassian Bamboo versions 6.x through 6.0.0 Description: The issue arises from incorrect permission checks for users creating deployment projects. An attacker with login access to Bamboo, but witho...

8.8 CVSS, 8.2 AI score, 0.00448 EPSS
Exploits 1, References 5
OpenVAS
added 2005/11/03 12:00 a.m., 48 views

autoDeploy

In a default installation of Oracle 9iAS v.1.0.2.2, it is possible to deploy or undeploy SOAP services without the need of any kind of credentials. This is due to SOAP being enabled by default after installation in order to provide a convenient way to use SOAP samples. However, this feature poses...

7.5 CVSS, 0.7 AI score, 0.04432 EPSS
Exploits 1
Tenable Nessus
added 2003/02/11 12:00 a.m., 349 views

Oracle 9iAS Default SOAP Configuration Unauthorized Application Deployment

In a default installation of Oracle 9iAS v.1.0.2.2, it is possible to deploy or undeploy SOAP services without the need of any kind of credentials. This is due to SOAP being enabled by default after installation in order to provide a convenient way to use SOAP samples. However, this feature poses...

7.5 CVSS, 6.2 AI score, 0.04432 EPSS
Exploits 1, References 3