79 matches found
CVE-2026-11816
Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...
Portainer Security Vulnerability
Portainer is a lightweight user management interface developed by Portainer for managing Docker environments and Docker hosts. Versions of Portainer Community Edition from 2.33.0 to 2.33.8 contained security vulnerabilities. These vulnerabilities stemmed from the kubeClientMiddleware middleware...
CVE-Factory: Scaling Expert-Level Agentic Tasks for Code Security Vulnerability
CVE-Factory is a Multi-Agent system for fully automated, end-to-end CVE reproduction. Given CVE records, the system automatically researches details, generates test cases, builds Docker environments, and validates that each vulnerability can be both exploited and patched. The pipeline transforms...
BackportBench: A Multilingual Benchmark for Automated Backporting of Patches
Many modern software projects evolve rapidly to incorporate new features and security patches. It is important for users to update their dependencies to safer versions, but many still use older, vulnerable package versions because upgrading can be difficult and may break their existing codebase...
A vulnerability in IBM Security Verify Access Docker, a software tool for protecting access to applications in Docker environments, related to errors in privilege management, allows attackers to elevate their privileges.
The vulnerability of the application access protection software in Docker environments is related to errors in privilege management. Exploiting this vulnerability can allow attackers to elevate their privileges...
The vulnerability of the automation tool for deploying and managing applications in Docker-enabled environments, related to improper permission storage, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the automation tool for deploying and managing applications in Docker-enabled environments is related to improper storage of permissions. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is a defensive research tool for improving detection, response, and patch prioritization. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, and more...
SUSE-SU-2022:3977-1 Security update for python-Werkzeug
This update for python-Werkzeug fixes the following issues: - CVE-2019-14806: Fixed insufficient debugger PIN randomness when running the development server in Docker containers bsc1145383...
The vulnerability of the Command Line Interface (CLI) of the deployment and application management automation tool in Docker-enabled environments allows an attacker to obtain arbitrary credentials.
The vulnerability of the Command Line Interface CLI of the deployment and application management tool in Docker-enabled environments is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to obtain arbitrary user...
Portainer code issue vulnerability
A code issue vulnerability exists in Portainer Agent, a lightweight user management interface for managing Docker environments and Docker hosts, which stems from the product's failure to associate Portainer instances with past time. An attacker could exploit the vulnerability to cause the API...
Portainer Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-87044)
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. Portainer suffers from a privilege permission and access control issue vulnerability that can be exploited by an attacker to obtain sensitive information...
Identifier Withdrawn
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. Portainer suffers from a privilege permission and access control issue vulnerability that can be exploited by an attacker to obtain sensitive information...
Unauthorized Access Vulnerability in Portainer
Portainer is a graphical management tool for visualizing container images. With Portainer you can easily build, manage and maintain Docker environments. An unauthorized access vulnerability exists in Portainer. An attacker could exploit the vulnerability to obtain sensitive information...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is not a specific exploit or tool, but rather a collection of vulnerable environments for testing and learning purposes. The repository contains various vulnerable docker...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for testing and training purposes. The primary vulnerability is not explicitly stated, but the repository contains various vulnerable environments, including ones for...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenient and...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability is not specified, but the repository contains various vulnerable environments, including ones for CouchDB, FFmpeg, Git, InfluxDB,...
vulhub
This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and education. The primary vulnerability class/vector targeted by this collection is not explicitly stated, but it likely...
Exploit for SQL Injection in Zabbix
This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary CVE IDs present in the context are CVE-2016-10134, CVE-2017-2824, and CVE-2020-11800. The target product/service or framework is not explicitly...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, called Vulhub. It is an offensive tool for testing and training purposes. The primary vulnerability class/vector targeted by Vulhub is not explicitly stated, but it includes a wide range of vulnerabilities i...