9154 matches found
PT-2026-33776
Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.4. Description: The web server exposes a REST API endpoint '/api/4/' that is accessible without authentication. Due to a permissive Cross-Origin Resource Sharing (CORS) policy, specifically the...
PT-2026-33777
Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.4. Description: A Server-Side Request Forgery (SSRF) issue exists in the Glances IP plugin due to improper validation of the public api configuration parameter. The value of public api is passed directly to the urlope...
PT-2026-33831
Name of the Vulnerable Software and Affected Versions: Flowsint, affected versions not specified. Description: Flowsint is an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and verification. A remote attacker can create a sketch and trigger the org to asn...
PT-2026-33872
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...
Portswigger_SQLI_LABs_code_review
PortSwigger SQL Injection Labs — Local Docker Recreations Sel...
GRC-demo-poc-oscal
GRC-OSCAL — continuous compliance, demonstrated A working pro...
Exploit for Improper Input Validation in Python
CVE-2023-24329 — Parser Differential Lab Educational use...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-32690 via apache-airflow (>=3.0.0 <=3.1.8)
apache-airflow PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-32690 Source advisory: OSV:GHSA-W9R4-94FJ-XP69...
Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
Summary The GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image...
CVE-2026-35469 vulnerabilities
Vulnerabilities for packages: kots, k8ssandra-client, cilium-cli, argo-workflows, gitlab-kas, jitsucom-bulker, kubernetes, falcoctl, datadog-agent, trivy-operator, istio, cloudnative-pg, kube-arangodb, kwok, tigera-operator, juicefs-csi-driver, skaffold, cri-tools, kubeflow-pipelines, rancher,...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: kots, k8ssandra-client, cilium-cli, argo-workflows, gitlab-kas, jitsucom-bulker, kubernetes, falcoctl, datadog-agent, trivy-operator, istio, cloudnative-pg, kube-arangodb, kwok, tigera-operator, juicefs-csi-driver, skaffold, cri-tools, kubeflow-pipelines, rancher,...
GHSA-PC3F-X583-G7J2 vulnerabilities
Vulnerabilities for packages: kcp, trivy, datadog-agent, trident, gitlab-runner, postgres-operator-fips, kubescape-server, grafana, cert-manager-istio-csr-fips, vcluster, docker-cli-buildx, percona-xtradb-cluster-operator, eck-operator, trident-fips, kubescape, redis-operator-fips, velero,...
[SECURITY] Fedora 43 Update: podman-5.8.2-1.fc43
podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...
[SECURITY] Fedora 43 Update: skopeo-1.22.2-1.fc43
Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...
ffensive-playbook
HackTheBox — Writeups Collection A collection of HackTheBox m...
ofensive-playbook
HackTheBox — Writeups Collection A collection of HackTheBox m...
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2024-42009 – Roundcube Stored XSS Docker PoC 📌 Overv...
[SECURITY] Fedora 42 Update: moby-engine-29.4.0-1.fc42
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between — and...
[SECURITY] Fedora 43 Update: moby-engine-29.4.0-1.fc43
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between — and...
(0Day) Docker Desktop credentialHelper Directory Traversal Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The specific flaw...