CVE-2026-44849

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...

EUVD-2026-33063

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. There were security vulnerabilities in versions of Portainer Community Edition from 2.33.0 to 2.33.8, as well as in versions prior to 2.39.2 and 2.41.0. These...

PT-2026-41035

Name of the Vulnerable Software and Affected Versions Portainer versions 2.33.0 through 2.33.7 Portainer versions 2.39.0 through 2.39.1 Portainer versions 2.40.0 through 2.40.x Portainer versions prior to 2.33.0 Description An authorization bypass exists in the Docker API proxy layer where plugin...

CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training

Capture The Flag CTF competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3 Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. CWE:CWE-639:...

EUVD-2023-2359

Malicious code in bioql PyPI...

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for...

GO-2023-1701 Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker

Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker...

GO-2023-1699 Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker

Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker...

Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability

Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view. Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting XSS...

Cross site scripting

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...

CVE-2023-40350

Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...

Jenkins Plugin Docker Swarm 跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin A cross-si...

PT-2023-5740 · Jenkins · Jenkins Docker Swarm Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Docker Swarm Plugin versions 1.11 and earlier Description: The issue is related to the Jenkins Docker Swarm Plugin, which does not properly escape values returned from Docker before inserting them into the Docker Swarm Dashboard view...

Docker Swarm encrypted overlay network may be unauthenticated

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

Is Docker Swarm going to change how we do microservices APIs?

During the DockerCon a couple of weeks ago the new native swarm functionality was one of the highlighted themes. What is a swarm? A swarm is a cluster of Docker engines, or nodes, which acts as an orchestrator, monitor and ingress load balancer for all the services deployed on swarm. The Docker...