coral-server 安全漏洞

Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of forced strong authentication during active sessions, allowing attacker...

coral-server 安全漏洞

Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the/api/v1/sessions endpoint, which allowed the creation of proxy sessions without...

Smanga 安全漏洞

Smanga is a Docker-based comic streaming reading tool developed by lkw199711. Version 3.2.7 of Smanga has a security vulnerability, which stems from insecure permission verification in the check-power.php script. This vulnerability could allow unverified attackers to reset any user’s password and...

CVE-2026-24129

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

CVE-2026-24129

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

CVE-2026-24129

Runtipi (Docker-based homeserver) versions 3.7.0+ are vulnerable to authenticated arbitrary command execution via shell metacharacters injected into backup filenames. The BackupManager stores uploaded backups using the raw originalname on the host filesystem, allowing an attacker to stage a file ...

Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking

The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a...

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana build 271 Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an incorrect cipher key and IV length processing during the...

Security Bulletin: Due to use of Postgresql JDBC, IBM Instana Observability is vulnerable to SQL injection.

Summary Postgresql JDBC is used by IBM Instana Observability as part of the instana-postgresql-sensor. CVE-2024-1597. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-1597 DESCRIPTION: PostgreSQL JDBC Driver PgJDBC is vulnerable to SQL...

Security Bulletin: Docker based datastores for IBM Instana do not currently require authentication

Summary Docker based datastores for IBM Instana do not currently require authentication. Due to this, an attacker with network or system access to the datastores could interrogate the datastores with read/write privileges CVE-2023-27290. Vulnerability Details CVEID:CVE-2023-27290 DESCRIPTION:...

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in it's self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...

Theonedev Onedev 授权问题漏洞

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev An authorization issue...