
44 matches found

OSV
added 3 days ago, 3 views

MAL-2026-5146 Malicious code in @redhat-cloud-services/remediations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9 AI score
Exploits 0, References 1
OSV
added 3 days ago, 3 views

MAL-2026-5147 Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 3 days ago, 7 views

Malicious code in @redhat-cloud-services/frontend-components-advisor-components (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9 AI score
Exploits 0, References 1
OSV
added 3 days ago, 3 views

MAL-2026-5142 Malicious code in @redhat-cloud-services/insights-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 3 days ago, 6 views

Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9 AI score
Exploits 0, References 1
OSSF Malicious Packages
added 3 days ago, 8 views

Malicious code in @redhat-cloud-services/remediations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

5.9 AI score
Exploits 0, References 1
Cvelist
added 2026/05/22 6:32 p.m., 6 views

CVE-2026-6406 Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

8.8 CVSS, 0.00021 EPSS
Exploits 0, References 2
GithubExploit
added 2026/05/12 12:30 a.m., 52 views

Exploit for Race Condition Enabling Link Following in Linuxfoundation Runc

CVE-2025-31133 Compose Build Lab This lab is a small PaaS sim...

7.8 CVSS, 7.2 AI score, 0.00021 EPSS
Exploits 2
GithubExploit
added 2026/03/28 8:3 p.m., 118 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 - Kobold Exploit Full chain exploit for the Ko...

9.8 CVSS, 6.3 AI score, 0.30368 EPSS
Exploits 25
RedhatCVE
added 2026/01/13 10:52 p.m., 1 view

CVE-2025-69426

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10 CVSS, 7.4 AI score, 0.00023 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/01/09 4:15 p.m., 3 views

CVE-2025-69426 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10 CVSS, 7 AI score, 0.00023 EPSS
Exploits 0, References 2
CVE
added 2026/01/09 4:15 p.m., 5 views

CVE-2025-69426

The CVE-2025-69426 issue affects Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0. An initialization script contains hardcoded OS user credentials, enabling authentication even though SCP and pseudo-TTY are disabled. The SSH service is network-accessible without IP-based restriction...

10 CVSS, 7 AI score, 0.00023 EPSS
Exploits 0, References 2
Cvelist
added 2026/01/09 4:15 p.m., 19 views

CVE-2025-69426 Ruckus vRIoT IoT Controller < 3.0.0.0 Hardcoded SSH Credentials RCE

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 GA contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY...

10 CVSS, 0.00023 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/01/09 12:0 a.m., 3 views

PT-2026-1953

Name of the Vulnerable Software and Affected Versions: Ruckus vRIoT IoT Controller versions prior to 3.0.0.0. Description: The Ruckus vRIoT IoT Controller firmware contains hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessib...

10 CVSS, 7.1 AI score, 0.00023 EPSS
Exploits 0, References 6
GithubExploit
added 2026/01/06 6:47 p.m., 223 views

Exploit for OS Command Injection in Docker

🐳 ContainerBreaker - Docker Escape Exploit Simulator !Licen...

9.3 CVSS, 9.7 AI score, 0.59178 EPSS
Exploits 33
Tenable Nessus
added 2025/10/10 12:0 a.m., 1 view

Docker Desktop 4.46.0 < 4.47.0 Container Escape

The version of Docker Desktop is prior to 4.47.0. It is therefore affected by a container escape vulnerability. In a hardened Docker environment, with Enhanced Container Isolation (ECI, https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/) enabled, an...

8.7 CVSS, 5.6 AI score, 0.0002 EPSS
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2016-4751

Malware in sbrugna...

8.8 CVSS, 8.7 AI score, 0.00671 EPSS
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-16436

Malware in sbrugna...

7.8 CVSS, 7.6 AI score, 0.00045 EPSS
Exploits 0, References 4
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-41745

Malicious code in bioql PyPI...

9.9 CVSS, 8.9 AI score, 0.01049 EPSS
Exploits 1, References 3
RedhatCVE
added 2025/09/27 9:32 p.m., 4 views

CVE-2025-10657

In a hardened Docker environment, with Enhanced Container Isolation (ECI, https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/) enabled, an administrator can utilize the command restrictions feature...

8.7 CVSS, 7.2 AI score, 0.0002 EPSS
Exploits 0, References 1