408 matches found
Malicious code in @marcos_feitoza/docker-image (npm)
The package @marcosfeitoza/docker-image was found to contain malicious code...
MAL-2025-9092 Malicious code in @marcos_feitoza/docker-image (npm)
The package @marcosfeitoza/docker-image was found to contain malicious code...
Jenkins ssh-agent Docker Image < 6.11.2 SSH Host Key Reuse
According to their self-reported version numbers, the jenkins/ssh-agent docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on...
Jenkins ssh-slave Docker Image SSH Host Key Reuse
According to their self-reported version numbers, the jenkins/ssh-slave docker containers running on the remote web server are affected by an SSH host key reuse vulnerability. In jenkins/ssh-slave Docker images, SSH host keys are generated on image creation for images based on Debian, causing all...
Mautic Docker Image 安全漏洞
Mautic Docker Image is a Mautic open source Docker image for Mautic. A security vulnerability exists in Mautic Docker Image that stems from exposing the PHP version via the X-Powered-By header, which could lead to server fingerprinting...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463 – sudo chroot "chwoot" PoC This repository p...
CVE-2024-23055
An issue in Plone Docker Official Image 5.2.13 5221 open-source software allows for remote code execution via improper validation of input by the HOST headers...
CVE-2024-24562
vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit 68dfa6614 which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While ...
CVE-2023-22495
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token JWT, an attacker cou...
CVE-2022-43679
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusteddomains config useless. This could be abused to spoof the URL in password-reset e-mail messages...
CVE-2021-43842
Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute...
CVE-2021-39939
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to...
CVE-2020-5252
The command-line "safety" package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
CVE-2020-35463
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password...
CVE-2020-35468
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password...
CVE-2020-35469
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password...
CVE-2020-35464
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password...
CVE-2020-29576
The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password...
CVE-2020-29575
The official elixir Docker images before 1.8.0-alpine Alpine specific contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password...
CVE-2020-35466
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password...