118 matches found
PT-2026-39313
🔴 Docker Registry Auth Substring Match Forwards Credentials to a Different Registry CVE-2025-27119, High https://t.co/gO08whMpWZ...
Exploit for CVE-2026-7482
CVE-2026-7482: Ollama Heap Out-of-Bounds Read 1-Day PoC Thi...
Astra Linux - vulnerability in docker-registry
A flaw was discovered in the /v2/catalog endpoint located in the distribution/distribution directory. This endpoint accepts a query string parameter, n, that controls the maximum number of records to be returned. This vulnerability allows a malicious user to submit an excessively large value for n...
org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
GHSA-FJF4-6F34-W64Q Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
CVE-2026-2733 Org.keycloak/keycloak-services: keycloak: missing check on disabled client for docker registry protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
malcontent OCI image pull credential exfiltration via malicious registry token realm
Malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. Malcontent uses google/go-containerregistry for OCI image pulls, which by default uses the Docker credential keychain. A malicious registry could return a WWW-Authenticate header...
CVE-2026-24845 malcontent's OCI image scanning could expose registry credentials
malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...
CVE-2019-12825
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving...
CVE-2025-58189 vulnerabilities
Vulnerabilities for packages: ctop, hydra, kubernetes-dashboard-metrics-scraper, cert-exporter, mods, promxy, spark-operator, custom-pod-autoscaler-operator, conjur-cli, docker-machine-driver-harvester, kube-logging-operator-custom-runner, delve, timescaledb-parallel-copy, wireguard-go,...
EUVD-2024-2641
Malicious code in bioql PyPI...
EUVD-2022-37327
Malicious code in bioql PyPI...
EUVD-2023-1171
Malicious code in bioql PyPI...
EUVD-2022-4077
Malicious code in bioql PyPI...
SUSE CVE-2025-6624
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
Docker Registry Access Management security vulnerability
Docker Registry Access Management is a registry access management program from Docker Inc. in the United States. A security vulnerability exists in Docker Registry Access Management that stems from a MacOS configuration file that does not have a RAM policy applied, which could lead to the downloa...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities found in Java, Node.js and IBM WebSphere Application Server Liberty
Summary: There are multiple vulnerabilities in Java, Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor. Vulnerability Details: CVEID: CVE-2024-43799. DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of...
Docker Public Registry Detected
This is an informational notice that the scanner was able to detect a public Docker registry instance. No source data...
CVE-2021-39159
BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input...