Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

CVE-2024-23113 FortiOS Test Environment A Docker-based test e...

CVE-2025-52999 vulnerabilities

Vulnerabilities for packages: gradle-stage0, tez, cassandra, celeborn, scala, confluent-common-docker, cassandra-reaper...

GHSA-H46C-H94J-95F3 vulnerabilities

Vulnerabilities for packages: gradle-stage0, tez, cassandra, celeborn, scala, confluent-common-docker, cassandra-reaper...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 – Sudo chroot Local Privilege Escalation Lab T...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 – sudo chroot "chwoot" PoC This repository p...

This Week in Spring - July 1st, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's July!! This week, I'm on PTO, and as always, I'm looking for good reading material on the plane ride over for my holiday. Thank goodness for the ever-vibrant and awesome Spring community; there's tons of stuff to dive...

EulerOS 2.0 SP13 : docker-engine (EulerOS-SA-2025-1700)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1685)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1700)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15: helm / helm-bash-completion / helm-fish-completion / etc (SUSE-SU-2025:02121-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02121-1 advisory. Update to version 3.18.3: builddeps: bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc dependabotbot fix: user username...

Exploit for CVE-2024-38819

CVE-2024-38819: Proof of Concept PoC This is a proof of con...

Mageia: Security Advisory (MGASA-2025-0189)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated docker packages fix security vulnerability

External DNS requests from 'internal' networks could lead to data exfiltration - CVE-2024-29018 We can't determine if docker 24.0.5 is affected but as it is no longer supported we are releasing version 25.0.7, as it is supported and free of the CVE...

MGASA-2025-0189 Updated docker packages fix security vulnerability

External DNS requests from 'internal' networks could lead to data exfiltration - CVE-2024-29018 We can't determine if docker 24.0.5 is affected but as it is no longer supported we are releasing version 25.0.7, as it is supported and free of the CVE...

Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network

Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. "Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activiti...

Exploit for Allocation of Resources Without Limits or Throttling in Apache Commons_Fileupload

CVE-2025-48988 & CVE-2025-48976 About This project runs a s...

Malicious code in vscode-docker (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61618685e358ec6a20db218d79632439bfc8286cfea396d5184f9bdbd019f640 Any computer that has this package installed or running should be considered...

MAL-2025-5187 Malicious code in vscode-docker (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61618685e358ec6a20db218d79632439bfc8286cfea396d5184f9bdbd019f640 Any computer that has this package installed or running should be considered...

CVE-2025-49842

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

Exploit for CVE-2025-49113

Install docker run --name ubuntu24 \ -p 9876:80 \ -v...