CVE-2025-49593 Portainer HTTP Headers May Leak to Malicious Container Registries

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a maliciou...

CVE-2025-24976

Distribution’s token authentication flaw (CVE-2025-24976) affects registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token auth enabled. The root cause: JWT JWK verification accepts a header with a certificate chainless JWK but only validates the KeyID against trusted keys, not the actual key...