105 matches found
PT-2026-42873
Name of the Vulnerable Software and Affected Versions: Arcane versions prior to 1.19.2. Description: The "PUT /api/environments/id/templates/variables" endpoint, used to write the system-wide .env.global file for variable substitution in project compose files, lacks an admin authorization check. Any...
CVE-2026-32590 Mirror-registry: remote code execution using pickle deserialization
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server...
CVE-2026-31801
zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...
zot security vulnerability
Zot is an open-source OCI image registry developed by The Zot Project. Versions 1.3.0 to 2.1.14 of Zot contain security vulnerabilities. These vulnerabilities stem from the improper operation inference of the dist-spec authorization middleware when handling PUT /v2/name/manifests/reference...
CVE-2024-39897
zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled (it is enabled by...
RLSA-2025:23294 Moderate: skopeo security update
The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183). For more details about the security issues,...
RHEL 10 : skopeo (RHSA-2025:23348)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23348 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify...
EUVD-2013-4238
Malware in sbrugna...
EUVD-2014-9310
Malware in sbrugna...
EUVD-2015-0035
Malware in sbrugna...
EUVD-2015-0034
Malware in sbrugna...
EUVD-2020-3142
Malware in sbrugna...
EUVD-2024-2258
Malicious code in bioql PyPI...
EUVD-2022-5126
Malicious code in bioql PyPI...
EUVD-2024-44555
Malicious code in bioql PyPI...
EUVD-2022-2324
Malicious code in bioql PyPI...
EUVD-2025-0111
Malicious code in bioql PyPI...
CVE-2025-48374
zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f, when using Keycloak as an OIDC provider, the clientsecret gets printed into the container stdout...
Linux Distros Unpatched Vulnerability : CVE-2014-0162
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated...
CVE-2025-23208
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...