Medium: docker

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

SUSE: Security Advisory (SUSE-SU-2026:20976-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

infosec-notebook

infosec-notebook Personal cybersecurity notes and references...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Attacker Lab: CVE-2017-5638 & CVE-2021-41773 A 7-host Docker-...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: zot, secrets-store-csi-driver-provider-aws, flux-image-automation-controller, witness, esbuild, govulncheck, mattermost, kaf, istio, tigera-operator, kubernetes-csi-external-health-monitor, ctop, smarter-device-manager, custom-pod-autoscaler-operator,...

CVE-2026-32289 vulnerabilities

Vulnerabilities for packages: zot, secrets-store-csi-driver-provider-aws, flux-image-automation-controller, cilium-cli, k8ssandra-client, pulumi-language-java, cluster-autoscaler, cluster-api-provider-vsphere, gitlab-kas, witness, mattermost, kaf, spegel, snyk-cli, argo-events, datadog-agent, mc,...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: zot, secrets-store-csi-driver-provider-aws, flux-image-automation-controller, cilium-cli, k8ssandra-client, pulumi-language-java, cluster-autoscaler, cluster-api-provider-vsphere, gitlab-kas, witness, mattermost, kaf, spegel, snyk-cli, argo-events, datadog-agent, mc,...

CVE-2026-32289 vulnerabilities

Vulnerabilities for packages: trivy, knative-net-istio-fips, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, gatus-fips, ingress-nginx-controller, docker-machine-driver-harvester, eks-node-monitoring-agent, terraform-provider-azuread,...

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, commercial-chainloop-backend, ingress-nginx-controller, elastic-agent, rabbitmq-messaging-topology-operator, kube-state-metrics, rclone-fips, snyk-cli, gatekeeper-fips, ko-fips, gitaly, juicefs, rke2-runtime, sonobuoy, kyverno,...

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, commercial-chainloop-backend, ingress-nginx-controller, elastic-agent, rabbitmq-messaging-topology-operator, kube-state-metrics, rclone-fips, snyk-cli, gatekeeper-fips, ko-fips, gitaly, juicefs, rke2-runtime, sonobuoy, kyverno,...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: trivy, knative-net-istio-fips, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, gatus-fips, ingress-nginx-controller, docker-machine-driver-harvester, eks-node-monitoring-agent, terraform-provider-azuread,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, prometheus-pushgateway-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller,...

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, prometheus-pushgateway-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller,...

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-managedidentity, custom-pod-autoscaler-fips, ingress-nginx-controller, crossplane-provider-aws-sqs-fips, rabbitmq-messaging-topology-operator, goose, git-lfs, pvc-autoresizer, newrelic-nri-statsd, gitaly, thanos-receive-controller-fips,...

CVE-2026-27140 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-managedidentity, custom-pod-autoscaler-fips, ingress-nginx-controller, crossplane-provider-aws-sqs-fips, rabbitmq-messaging-topology-operator, goose, git-lfs, pvc-autoresizer, newrelic-nri-statsd, gitaly, thanos-receive-controller-fips,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, prometheus-pushgateway-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller,...

gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

GHSA-7XGM-5PRM-V5GC vulnerabilities

Vulnerabilities for packages: docker-machine-driver-harvester...

GHSA-9M94-W2VQ-HCF9 vulnerabilities

Vulnerabilities for packages: docker-machine-driver-harvester...

CVE-2025-64436 vulnerabilities

Vulnerabilities for packages: docker-machine-driver-harvester...