CLEANSTART-2026-SQ13072 Moby is an open source container framework developed by Docker Inc
Multiple security vulnerabilities affect the kyverno-fips package. Moby is an open source container framework developed by Docker Inc. See references for individual vulnerability details...
CLEANSTART-2026-BK59402 Moby is an open-source project created by Docker for software containerization
Multiple security vulnerabilities affect the docker package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...
CLEANSTART-2026-GY69323 Moby is an open-source project created by Docker for software containerization
Multiple security vulnerabilities affect the docker package. Moby is an open-source project created by Docker for software containerization. See references for individual vulnerability details...
PT-2026-5463
Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 1.13.11 and versions prior to 1.14.1. Description: Backstage’s @backstage/plugin-techdocs-node component, used for TechDocs, is susceptible to remote code execution. When TechDocs is configured to run locally runIn:...
PT-2026-5494
Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 1.13.11 and 1.14.1. Description: Backstage is a framework for building developer portals, and @backstage/plugin-techdocs-node provides functionalities for TechDocs. A path traversal issue exists in the TechDocs local...
CVE-2026-1665
A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...
CVE-2026-25116
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...
CVE-2026-24845
malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...
malcontent OCI image pull credential exfiltration via malicious registry token realm
Malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. Malcontent uses google/go-containerregistry for OCI image pulls, which by default uses the Docker credential keychain. A malicious registry could return a WWW-Authenticate header...
EUVD-2026-4942
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...
CVE-2026-25116 Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal
Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...
CVE-2026-25116
Runtipi (homeserver orchestrator) is vulnerable in versions 4.5.0–4.7.1 due to an unauthenticated Path Traversal in UserConfigController caused by insecure URN parsing, allowing remote overwrite of docker-compose.yml and resulting in full Remote Code Execution and host filesystem compromise upon ...
EUVD-2026-4945
malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...
CVE-2026-24845 malcontent's OCI image scanning could expose registry credentials
malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...
CVE-2026-24845
CVE-2026-24845 affects the malcontent tool. The advisory describes that versions prior to 1.20.3 (starting with 0.10.0) could exfiltrate Docker registry credentials when scanning certain OCI image references. The vulnerability stems from malcontent using google/go-containerregistry for OCI image ...