PT-2026-4315
Name of the Vulnerable Software and Affected Versions: container versions prior to 0.8.0; containerization versions prior to 0.21.0. Description: The ArchiveReader.extractContents function, utilized by cctl image load and container image load, lacks proper pathname validation during archive extractio...
CVE-2026-24047
CVE-2026-24047 affects Backstage: @backstage/cli-common relies on resolveSafeChildPath in @backstage/backend-plugin-api, which before v0.1.17 failed to validate symlink chains and dangling symlinks. This allowed path traversal via symlink chains (e.g., link1 → link2 → /outside) and dangling symli...
MAL-2025-49322 Malicious code in containerization-assist (npm)
Source: amazon-inspector (79aa72c875d99fe35db3e9de0382cc573aafe3a6a85d23ffcd7d6e47291e9f7f). The package containerization-assist was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-37458
Malicious code in containerization-assist npm...
Malicious Package
Overview: containerization-assist is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
EUVD-2024-2176
Malicious code in bioql PyPI...
EUVD-2024-0773
Malicious code in bioql PyPI...
ICS-SimLab: A Containerized Approach for Simulating Industrial Control Systems for Cyber Security Research
Industrial Control Systems (ICSs) are complex interconnected systems used to manage process control within industrial environments, such as chemical processing plants and water treatment facilities. As the modern industrial environment moves towards Internet-facing services, ICSs face an increased...
NewStart CGSL MAIN 7.02 : docker-ce Vulnerability (NS-SA-2025-0150)
The remote NewStart CGSL host, running version MAIN 7.02, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is bui...
Redefining Application Security: Imperva’s Vision for the Future
It’s no secret that web applications have undergone a significant transformation over the past few years. The widespread adoption of containerization, serverless computing, low-code development, APIs, and microservices has redefined how applications are built, deployed, and scaled. According to...
Have We Reached a Distroless Tipping Point?
There's a virtuous cycle in technology that pushes the boundaries of what's being built and how it's being used. A new technology development emerges and captures the world's attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1119)
The remote host is missing an update for the Huawei EulerOS...
Partnering for Security: Qualys Solutions for Microsoft Azure Linux in AKS
As customers transition from traditional workloads to containerized environments, they face significant challenges. Containers introduce a level of complexity that traditional security measures often fail to address, primarily due to their ephemeral nature and the shared responsibility model...
Assessing Container Images Across Private Registries with InsightCloudSec
In the rapidly evolving landscape of software development and deployment, containerization has emerged as a game-changing technology and a de-facto foundation for the majority of modern applications. Containers allow developers to package applications and their dependencies into a single, portabl...
CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-24557)
The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24557 advisory. - Moby is an open-source project created by Docker to enable software containerization. The classic build...
Secure Your Containerized Environments with Qualys Containerized Scanner Appliance (QCSA)
IT has undergone a series of significant shifts over the years, from physical infrastructure to virtual, and how infrastructure was managed and maintained. This shift led IT through the digital transformation era, introducing various types of clouds and “As-a-Service” models. Although...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1785)
The remote host is missing an update for the Huawei EulerOS...
Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data
Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information. "Exploitation of this vulnerability would have allowed...
ROS-20240410-17
The vulnerability of the ImageBuild function of the Moby containerization software tool is related to a flaw in the data source validation mechanism for endpoint processing. Exploitation of the vulnerability cou...