4 matches found
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33634link is external Aqua Security Trivy Embedded Malicious Code Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...
Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack
On March 19, 2026, threat actors injected credential-stealing malware into Aqua Security’s Trivy scanner and related GitHub Actions. Learn how "TeamPCP" executed this breach and how to audit your environment...
Aqua Security Trivy < 0.51.2 Credential Leak (GHSA-xcq4-m2r3-cmrj)
The version of Aqua Security Trivy installed on the remote host is prior to 0.51.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-xcq4-m2r3-cmrj advisory. - If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could...
Aqua Security Trivy 安全漏洞
Aqua Security Trivy is a comprehensive and versatile security scanner from Aqua Security. A security vulnerability exists in Aqua Security Trivy versions prior to 0.51.2, which stems from a potential leak of registry credentials when scanning images from a malicious registry...