
9245 matches found

OSV
added 2025/06/19 3:34 p.m. · 7 views

MAL-2025-5187 Malicious code in vscode-docker (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61618685e358ec6a20db218d79632439bfc8286cfea396d5184f9bdbd019f640 Any computer that has this package installed or running should be considered...

7 AI score
Exploits 0 · References 1
RedhatCVE
added 2025/06/19 2:18 p.m. · 8 views

CVE-2025-49842

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

4.6 CVSS · 7 AI score · 0.00157 EPSS
Exploits 0 · References 1
GithubExploit
added 2025/06/18 7:10 p.m. · 176 views

Exploit for CVE-2025-49113

Install docker run --name ubuntu24 \ -p 9876:80 \ -v...

9.9 CVSS · 7.3 AI score · 0.89462 EPSS
Exploits 29
NVD
added 2025/06/17 2:15 p.m. · 6 views

CVE-2025-49842

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

4.6 CVSS · 0.00157 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/06/17 2:2 p.m. · 6 views

CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

4.6 CVSS · 7 AI score · 0.00157 EPSS
Exploits 0 · References 2
Cvelist
added 2025/06/17 2:2 p.m. · 17 views

CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

4.6 CVSS · 0.00157 EPSS
Exploits 0 · References 2
CVE
added 2025/06/17 2:2 p.m. · 20 views

CVE-2025-49842

The CVE concerns conda-forge-webservices, a web app used to manage conda-forge admin tasks. Prior to version 2025.3.24, the conda_forge_webservice Docker container executed commands without a dedicated user, leaving the container running as root. This can enable privilege escalation and potential...

4.6 CVSS · 7.6 AI score · 0.00157 EPSS
Exploits 0 · References 2
OSV
added 2025/06/17 2:2 p.m. · 8 views

CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...

4.6 CVSS · 7.5 AI score · 0.00157 EPSS
Exploits 0 · References 4
CNNVD
added 2025/06/17 12:0 a.m. · 2 views

conda-forge-webservices Security Vulnerability

conda-forge-webservices is a conda-forge open source web application deployed to run condaforge management commands and linting. A security vulnerability exists in conda-forge-webservices versions prior to 2025.3.24, which stems from a Docker container executing commands as the root user, which...

4.6 CVSS · 6.9 AI score · 0.00157 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/06/17 12:0 a.m. · 7 views

PT-2025-25764 · Unknown +3 · Portainer Community Edition +4

Name of the Vulnerable Software and Affected Versions: Portainer Community Edition versions prior to 2.31.0 STS and prior to 2.27.7 LTS Description: The issue affects a lightweight service delivery platform for containerized applications, allowing management of Docker, Swarm, Kubernetes, and ACI...

8.3 CVSS · 6.6 AI score · 0.00347 EPSS
Exploits 0 · References 13
Positive Technologies
added 2025/06/17 12:0 a.m. · 7 views

PT-2025-25658 · Conda Forge · Conda-Forge-Webservices

Name of the Vulnerable Software and Affected Versions: conda-forge-webservices versions prior to 2025.3.24 Description: The conda-forge-webservices web app, used to run conda-forge admin commands and linting, has an issue where the conda forge webservice Docker container executes commands without...

4.6 CVSS · 7.1 AI score · 0.00157 EPSS
Exploits 0 · References 6
AstraLinux
added 2025/06/16 11:28 a.m. · 2 views

Astra Linux – Vulnerability in runc-app

Runc is a CLI tool for spawning and running containers according to the OCI specification. Runc versions 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be exploited by creating empty files or directories in arbitrary locations within the host filesystem. This is achieved by sharing a...

3.6 CVSS · 6.7 AI score · 0.00317 EPSS
Exploits 0 · References 3
CNNVD
added 2025/06/16 12:0 a.m. · 2 views

szluyu99 gin-vue-blog Security Vulnerability

szluyu99 gin-vue-blog is a Golang full-stack blog by Zhenyu personal developer, supporting Docker Compose one-click deployment. Based on the latest front-end and back-end technology stack Vue3, TS, Unocs, Redis and so on. The front-end contains a blog post display front , blog background manageme...

6.9 CVSS · 5.7 AI score · 0.00356 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2025/06/16 12:0 a.m. · 4 views

TencentOS Server 4: moby (TSSA-2024:0823)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0823 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8 CVSS · 7 AI score · 0.00258 EPSS
Exploits 0 · References 2
Snyk
added 2025/06/13 1:48 p.m. · 1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via Script Runner tool. An attacker as an authenticated user can request any file from the Docker container via /script-api/scripts/ endpoint since these are stored in default location. Details A Directory Traversal...

9.1 CVSS · 7.7 AI score · 0.00856 EPSS
Exploits 1 · References 2
GithubExploit
added 2025/06/11 6:36 p.m. · 119 views

Exploit for Code Injection in Vmware Spring_Framework

web-threat-mitigation Hands-on lab on detecting and mitigating...

9.8 CVSS · 8 AI score · 0.99677 EPSS
Exploits 100
OSV
added 2025/06/11 3:15 p.m. · 2 views

CVE-2025-0163

IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts...

5.3 CVSS · 5.8 AI score · 0.00294 EPSS
Exploits 0 · References 1
CNNVD
added 2025/06/11 12:0 a.m. · 4 views

IBM Security Verify Access Docker and IBM Security Verify Access Appliance Security Vulnerability

IBM Security Verify Access Docker and IBM Security Verify Access Appliance are both products of International Business Machines (IBM). IBM Security Verify Access Docker is a software that can be used to configure a Docker IBM Security Verify Access Docker is a service that can be used to configure a...

5.3 CVSS · 6.3 AI score · 0.00294 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/06/11 12:0 a.m. · 7 views

Amazon Linux 2 : docker (ALASECS-2025-066)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-066 advisory. containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where...

7.8 CVSS · 6.4 AI score · 0.00275 EPSS
Exploits 1 · References 4
Amazon
added 2025/06/11 12:0 a.m. · 4 views

Medium: docker

Issue Overview: containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a UID:GID larger than the maximum 32-bit signed integer can cause an overflow condition where the container...

7.8 CVSS · 7.1 AI score · 0.00275 EPSS
Exploits 1