CVE-2026-45662
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.0 and earlier, the deleteRegistry function in Dokploy packages/server/src/services/registry.ts executes docker logout ${response.registryUrl} without shell escaping. In the same file, the docker login command correctly uses shEsca...
CVE-2025-66406
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization during the SSH certificate revocation when the SSHPOP provisioner is configured. An attacker can revoke SSH certificates without proper authorization by exploiting insufficient checks during the revocation proces...
CVE-2025-66406 Improper Authorization Check for SSH Certificate Revocation
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...
Missing Authentication for Critical Function
Overview: Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the deployments configured with ACME and SCEP provisioners. An attacker can gain unauthorized access to sensitive resources by bypassing authorization controls. Remediation: Upgrade...
GHSA-J7C9-79X7-8HPR step-ca Has Improper Authorization Check for SSH Certificate Revocation
Summary: An authorized attacker can bypass authorization checks and revoke any SSH certificate issued by Step CA by using a valid revocation token. Details: Step CA users can obtain SSH certificates from a few provisioners. The SSHPOP provisioner allows revocation of the SSH certificate preventing...
EUVD-2021-2087
Malware in sbrugna...
EUVD-2019-0510
Malware in sbrugna...
EUVD-2023-26632
Malicious code in bioql PyPI...
CVE-2021-39208
SharpCompress is a fully managed C# library to deal with many compression types and formats. Versions prior to 0.29.0 are vulnerable to partial path traversal. SharpCompress recreates a hierarchy of directories under destinationDirectory if ExtractFullPath is set to true in options. In order to...
OPENSUSE-SU-2025:15146-1 kind-0.29.0-1.1 on GA media
These are all security issues fixed in the kind-0.29.0-1.1 package on the GA media of openSUSE Tumbleweed...
Race Condition
Overview: amici is an Advanced multi-language Interface to CVODES and IDAS. Affected versions of this package are vulnerable to Race Condition due to the use of shared static variables in multi-threaded contexts. Exploiting this vulnerability is possible by triggering concurrent executions, leading...
CVE-2024-45594
CVE-2024-45594 affects the Decidim framework, specifically the online/hybrid meeting embeds feature. A cross-site scripting (XSS) flaw can be triggered via a malformed URL in the meeting embeds code. The vulnerability is fixed in Decidim releases 0.28.3 and 0.29.0. If you use decidim-meetings, up...
CVE-2024-9075 Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack i...