23 matches found
CVE-2026-44849
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...
CVE-2026-44849
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...
EUVD-2026-33063
Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...
Portainer 安全漏洞
Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. There were security vulnerabilities in versions of Portainer Community Edition from 2.33.0 to 2.33.8, as well as in versions prior to 2.39.2 and 2.41.0. These...
PT-2026-41035
Name of the Vulnerable Software and Affected Versions Portainer versions 2.33.0 through 2.33.7 Portainer versions 2.39.0 through 2.39.1 Portainer versions 2.40.0 through 2.40.x Portainer versions prior to 2.33.0 Description An authorization bypass exists in the Docker API proxy layer where plugin...
CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training
Capture The Flag CTF competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...
Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3 Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. CWE:CWE-639:...
EUVD-2023-2359
Malicious code in bioql PyPI...
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for...
GO-2023-1701 Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker...
GO-2023-1699 Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker
Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker...
The vulnerability of the Docker Swarm Dashboard component of the Jenkins Docker Swarm Plugin allows a attacker to perform cross-site scripting attacks.
The vulnerability of the Docker Swarm Dashboard component of the Jenkins Docker Swarm plugin is related to the lack of security measures for the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...
Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability
Jenkins Docker Swarm Plugin processes Docker responses to generate the Docker Swarm Dashboard view. Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view. This results in a stored cross-site scripting XSS...
Cross site scripting
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...
CVE-2023-40350
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to control responses from Docker...
Jenkins Plugin Docker Swarm 跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. Jenkins Plugin A cross-si...
PT-2023-5740 · Jenkins · Jenkins Docker Swarm Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Docker Swarm Plugin versions 1.11 and earlier Description: The issue is related to the Jenkins Docker Swarm Plugin, which does not properly escape values returned from Docker before inserting them into the Docker Swarm Dashboard view...