Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network

Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. "Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activiti...

Exploit for Allocation of Resources Without Limits or Throttling in Apache Commons_Fileupload

CVE-2025-48988 & CVE-2025-48976 About This project runs a s...

Malicious code in vscode-docker (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61618685e358ec6a20db218d79632439bfc8286cfea396d5184f9bdbd019f640 Any computer that has this package installed or running should be considered...

MAL-2025-5187 Malicious code in vscode-docker (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61618685e358ec6a20db218d79632439bfc8286cfea396d5184f9bdbd019f640 Any computer that has this package installed or running should be considered...

CVE-2025-49842

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

Exploit for CVE-2025-49113

Install docker run --name ubuntu24 \ -p 9876:80 \ -v...

CVE-2025-49842

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

CVE-2025-49842

The CVE concerns conda-forge-webservices, a web app used to manage conda-forge admin tasks. Prior to version 2025.3.24, the conda_forge_webservice Docker container executed commands without a dedicated user, leaving the container running as root. This can enable privilege escalation and potential...

CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

PT-2025-25658 · Conda Forge · Conda-Forge-Webservices

Name of the Vulnerable Software and Affected Versions: conda-forge-webservices versions prior to 2025.3.24 Description: The conda-forge-webservices web app, used to run conda-forge admin commands and linting, has an issue where the conda forge webservice Docker container executes commands without...

PT-2025-25764 · Unknown +3 · Portainer Community Edition +4

Name of the Vulnerable Software and Affected Versions: Portainer Community Edition versions prior to 2.31.0 STS and prior to 2.27.7 LTS Description: The issue affects a lightweight service delivery platform for containerized applications, allowing management of Docker, Swarm, Kubernetes, and ACI...

conda-forge-webservices 安全漏洞

conda-forge-webservices is a conda-forge open source web application deployed to run condaforge management commands and linting. A security vulnerability exists in conda-forge-webservices versions prior to 2025.3.24, which stems from a Docker container executing commands as the root user, which...

Astra Linux – Vulnerability in runc-app

Runc is a CLI tool for spawning and running containers according to the OCI specification. Runc versions 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be exploited by creating empty files or directories in arbitrary locations within the host filesystem. This is achieved by sharing a...

szluyu99 gin-vue-blog 安全漏洞

szluyu99 gin-vue-blog is a Golang full-stack blog by Zhenyu personal developer, supporting Docker Compose one-click deployment. Based on the latest front-end and back-end technology stack Vue3, TS, Unocs, Redis and so on. The front-end contains a blog post display front , blog background manageme...

TencentOS Server 4: moby (TSSA-2024:0823)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0823 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via Script Runner tool. An attacker as an authenticated user can request any file from the Docker container via /script-api/scripts/ endpoint since these are stored in default location. Details A Directory Traversal...

Exploit for Code Injection in Vmware Spring_Framework

web-threat-mitigation Hands-on lab on detecting and mitigating...

CVE-2025-0163

IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts...