140 matches found
KonR
KonR Hierarchical multi-agent AI penetration testing system p...
open-notebook 安全漏洞
Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.3 of Open-Notebook contains a security vulnerability. This vulnerability stems from a lack of user input validation in the file upload function, which may allow users to access the content of...
open-notebook 安全漏洞
Open-Notebook is a privacy-oriented multi-model AI note-taking tool developed by Luis Novo. Version 1.8.3 of Open-Notebook contains a security vulnerability. This vulnerability stems from a lack of user input validation in the file upload function, which may allow users to create or modify files ...
PT-2026-33778
Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.4 Description The Cassandra export module glances/exports/glances cassandra/ init .py interpolates configuration values directly into CQL statements without validation. A user with write access to glances.conf can...
[SECURITY] Fedora 42 Update: moby-engine-29.4.0-1.fc42
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...
[SECURITY] Fedora 43 Update: moby-engine-29.4.0-1.fc43
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...
Act 安全漏洞
Act is a locally run tool developed by Nektos and open source. Versions of Act prior to 0.2.86 have security vulnerabilities. These vulnerabilities stem from the built-in actions/cache server, which listens to all interface connections. This could lead to arbitrary cache creation and retrieval,...
CVE-2026-32749 SiYuan importSY/importZipMd: Path Traversal via multipart filename enables arbitrary file write
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importSY and POST /api/import/importZipMd write uploaded archives to a path derived from the multipart filename field without sanitization, allowing an admin to write files to arbitrary locations outsi...
SUSE CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle's agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out-of-scope containers for example, env=prod on the same agen...
CVE-2026-24740
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...
EUVD-2026-4741
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agen...
CVE-2026-23846
Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...
PT-2026-3491
Name of the Vulnerable Software and Affected Versions Tugtainer versions prior to 1.16.1 Description Tugtainer is a self-hosted application designed for automating updates of Docker containers. Prior to version 1.16.1, the password authentication process transmits passwords through URL query...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: docker (UTSA-2026-000514)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000514 advisory. Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In...
Evasion-Resilient Detection of DNS-Over-HTTPS Data Exfiltration: A Practical Evaluation and Toolkit
The purpose of this project is to assess how well defenders can detect DNS-over-HTTPS DoH file exfiltration, and which evasion strategies can be used by attackers. While providing a reproducible toolkit to generate, intercept and analyze DoH exfiltration, and comparing Machine Learning vs...
[SECURITY] Fedora 42 Update: moby-engine-29.1.3-1.fc42
Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...
homarr 注入漏洞
homarr is a customizable browser homepage by Thomas Camlong, an individual developer, that is used to interact with Docker containers on the home server. An injection vulnerability exists in homarr versions prior to 1.45.3 that stems from insufficient ldap search query input cleanup, which could...
EUVD-2017-18916
Malware in sbrugna...
EUVD-2025-1509
Malicious code in bioql PyPI...
EUVD-2024-3150
Malicious code in bioql PyPI...