Lucene search
K

408 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in @marcos_feitoza/docker-image (npm)

The package @marcosfeitoza/docker-image was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-9092 Malicious code in @marcos_feitoza/docker-image (npm)

The package @marcosfeitoza/docker-image was found to contain malicious code...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.3 views

Jenkins ssh-agent Docker Image < 6.11.2 SSH Host Key Reuse

According to their self-reported version numbers, the jenkins/ssh-agent docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on...

9.1CVSS5.5AI score0.00449EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.7 views

Jenkins ssh-slave Docker Image SSH Host Key Reuse

According to their self-reported version numbers, the jenkins/ssh-slave docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-slave Docker images, SSH host keys are generated on image creation for images based on Debian, causing all...

9.1CVSS5.5AI score0.00449EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/09 12:0 a.m.5 views

Mautic Docker Image 安全漏洞

Mautic Docker Image is a Mautic open source Docker image for Mautic. A security vulnerability exists in Mautic Docker Image that stems from exposing the PHP version via the X-Powered-By header, which could lead to server fingerprinting...

5.3CVSS6.7AI score0.00237EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/07/02 2:29 p.m.479 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 – sudo chroot "chwoot" PoC This repository p...

9.3CVSS9.6AI score0.47467EPSS
Exploits70
RedhatCVE
RedhatCVE
added 2025/05/23 9:40 a.m.7 views

CVE-2024-23055

An issue in Plone Docker Official Image 5.2.13 5221 open-source software allows for remote code execution via improper validation of input by the HOST headers...

6.1CVSS8AI score0.00911EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:52 a.m.11 views

CVE-2024-24562

vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While ...

5.4CVSS6.9AI score0.00349EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.17 views

CVE-2023-22495

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...

9.8CVSS7AI score0.01147EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:12 a.m.8 views

CVE-2022-43679

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusteddomains config useless. This could be abused to spoof the URL in password-reset e-mail messages...

5.3CVSS6.6AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:35 p.m.8 views

CVE-2021-43842

Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute...

5.4CVSS6.3AI score0.0072EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:43 p.m.4 views

CVE-2021-39939

An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to...

6.5CVSS6.6AI score0.00907EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:42 p.m.7 views

CVE-2020-5252

The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

5CVSS7AI score0.00366EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:10 p.m.5 views

CVE-2020-35463

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password...

10CVSS7.2AI score0.02054EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:10 p.m.18 views

CVE-2020-35468

The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password...

10CVSS7.3AI score0.02054EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:9 p.m.6 views

CVE-2020-35469

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password...

10CVSS7.3AI score0.02054EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 p.m.10 views

CVE-2020-35464

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password...

10CVSS7.3AI score0.02054EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:22 p.m.8 views

CVE-2020-29576

The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password...

10CVSS7.3AI score0.02979EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.9 views

CVE-2020-29575

The official elixir Docker images before 1.8.0-alpine Alpine specific contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password...

10CVSS7.3AI score0.02898EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:32 p.m.7 views

CVE-2020-35466

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password...

10CVSS7.3AI score0.02054EPSS
Exploits0
Rows per page
Query Builder