550 matches found
aerobi-poc
Aerobi POC — Local simulation of camera monitoring Labo...
CVE-2026-41930
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...
CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...
CVE-2026-41930
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...
CVE-2026-41930
Vvveb
Vvveb Access Control Error Vulnerability
Vvveb is a powerful and easy-to-use CMS developed by Givan’s individual developers. It is used to build websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained an access control vulnerability. This vulnerability stemmed from hard-coded credentials in the...
PT-2026-38219
Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.2 Description A hard-coded credentials issue exists in the docker-compose-apache.yaml configuration. This allows unauthenticated attackers to access the bundled phpMyAdmin container using pre-configured database...
unicas_docker_exploit
Educational Cyber-Range in Docker / Educational Docker Cyber-Ran...
CVE-2026-41167 Jellystat has SQL Injection that leads to Remote Code Execution
Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields directly into raw SQL strings. An authenticated user can inject arbitrary SQL via POST /api/getUserDetai...
CVE-2026-41167
Jellystat prior to 1.1.10 exposes SQL injection via POST /api/getUserDetails and POST /api/getLibrary, where unsanitized request-body fields are interpolated into raw SQL. This allows an authenticated user to read any table (including app_config) and, due to node-postgres simple query usage, enab...
GRC-demo-poc-oscal
GRC-OSCAL — continuous compliance, demonstrated A working pro...
SUSE: Security Advisory (SUSE-SU-2026:20976-1)
The remote host is missing an update for the...
SUSE-SU-2026:20976-1 Security update for docker-compose
This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584). - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...
SUSE-SU-2026:20949-1 Security update for docker-compose
This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584). - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: trivy, scorecard, kubescape, osv-scanner, docker-compose, docker-cli-buildx, conftest, kaniko, buildah, trivy-operator, skaffold, zot, podman, guac...
CVE-2026-33748 vulnerabilities
Vulnerabilities for packages: trivy, scorecard, kubescape, osv-scanner, docker-compose, docker-cli-buildx, conftest, kaniko, buildah, trivy-operator, skaffold, zot, podman, guac...
GHSA-4C29-8RGM-JVJJ vulnerabilities
Vulnerabilities for packages: trivy, scorecard, kubescape, osv-scanner, docker-compose, docker-cli-buildx, conftest, kaniko, buildah, trivy-operator, skaffold, zot, podman, guac...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: trivy, scorecard, kubescape, osv-scanner, docker-compose, docker-cli-buildx, conftest, kaniko, buildah, trivy-operator, skaffold, zot, podman, guac...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: docker-compose, kubescape-server-fips, buildah, kaniko, osv-scanner, trivy-operator-fips, docker-cli-buildx-fips, podman-fips, guac, scorecard, cloudbeat, docker-compose-fips, docker-cli-buildx, docker-fips, kubescape, zot, buildah-fips, kubescape-server, conftest,...
GHSA-4C29-8RGM-JVJJ vulnerabilities
Vulnerabilities for packages: docker-compose, kubescape-server-fips, buildah, kaniko, osv-scanner, trivy-operator-fips, docker-cli-buildx-fips, podman-fips, guac, scorecard, cloudbeat, docker-compose-fips, docker-cli-buildx, docker-fips, kubescape, zot, buildah-fips, kubescape-server, conftest,...