9157 matches found

SUSE Linux
added 2026/04/20 3:57 p.m. | 2 views

Security update for docker

This update for docker rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux...

AI score 5.7
Exploits 0

OSV
added 2026/04/20 3:56 p.m. | 0 views

SUSE-SU-2026:1492-1 Security update for docker

This update for docker rebuilds it against the current go 1.25 security release...

AI score 5.7
Exploits 0 | References 1

Positive Technologies
added 2026/04/20 12:0 a.m. | 1 views

PT-2026-33778

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.4. Description: The Cassandra export module glances/exports/glances_cassandra/__init__.py interpolates configuration values directly into CQL statements without validation. A user with write access to glances.conf can...

CVSS 8.8 | AI score 5.7 | EPSS 0.00396
Exploits 2 | References 13

Positive Technologies
added 2026/04/20 12:0 a.m. | 3 views

PT-2026-33776

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.4. Description: The web server exposes a REST API endpoint '/api/4/' that is accessible without authentication. Due to a permissive Cross-Origin Resource Sharing (CORS) policy, specifically the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00408
Exploits 3 | References 13

Positive Technologies
added 2026/04/20 12:0 a.m. | 1 views

PT-2026-33831

Name of the Vulnerable Software and Affected Versions: Flowsint, affected versions not specified. Description: Flowsint is an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and verification. A remote attacker can create a sketch and trigger the org to asn...

CVSS 10 | AI score 6.1 | EPSS 0.00506
Exploits 1 | References 8

Positive Technologies
added 2026/04/20 12:0 a.m. | 4 views

PT-2026-33777

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.4. Description: A Server-Side Request Forgery (SSRF) issue exists in the Glances IP plugin due to improper validation of the public_api configuration parameter. The value of public_api is passed directly to the urlope...

CVSS 8.8 | AI score 5.9 | EPSS 0.00408
Exploits 3 | References 13

Positive Technologies
added 2026/04/20 12:0 a.m. | 3 views

PT-2026-33872

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

CVSS 4.4 | AI score 5.8 | EPSS 0.00124
Exploits 0 | References 4

GithubExploit
added 2026/04/19 11:38 p.m. | 83 views

Portswigger_SQLI_LABs_code_review

PortSwigger SQL Injection Labs — Local Docker Recreations Sel...

AI score 5.9
Exploits 0

GithubExploit
added 2026/04/19 7:34 a.m. | 103 views

GRC-demo-poc-oscal

GRC-OSCAL — continuous compliance, demonstrated A working pro...

AI score 5.8
Exploits 0

GithubExploit
added 2026/04/18 10:5 a.m. | 162 views

Exploit for Improper Input Validation in Python

CVE-2023-24329 — Parser Differential Lab Educational use...

CVSS 7.5 | AI score 7 | EPSS 0.20459
Exploits 3

vulnersOsv
added 2026/04/18 9:30 a.m. | 4 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-32690 via apache-airflow (>=3.0.0 <=3.1.8)

apache-airflow PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-32690 Source advisory: OSV:GHSA-W9R4-94FJ-XP69...

CVSS 3.7 | AI score 5.4 | EPSS 0.00421
Exploits 0

Github Security Blog
added 2026/04/17 9:34 p.m. | 2 views

Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs

Summary: The GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exist in the released v3.0.13 Docker image...

CVSS 8.7 | AI score 5.8 | EPSS 0.00421
Exploits 1 | References 3 | Affected Software 1

Wolfi
added 2026/04/17 8:0 p.m. | 7 views

GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: argo-cd, kubernetes-dashboard-api, percona-server-mongodb-operator, redis-operator, kubernetes, gitlab-runner, kubevela, k8ssandra-client, cilium, zarf, headlamp, k9s, kots, kargo, argo-rollouts, eksctl, cri-tools, gitlab-kas, infinispan-operator, velero,...

AI score 5.8
Exploits 0

Wolfi
added 2026/04/17 8:0 p.m. | 5 views

CVE-2026-35469 vulnerabilities

Vulnerabilities for packages: argo-cd, kubernetes-dashboard-api, percona-server-mongodb-operator, redis-operator, kubernetes, gitlab-runner, kubevela, k8ssandra-client, cilium, zarf, headlamp, k9s, kots, kargo, argo-rollouts, eksctl, cri-tools, gitlab-kas, infinispan-operator, velero,...

CVSS 8.7 | AI score 5.8 | EPSS 0.0043
Exploits 0

Chainguard
added 2026/04/17 7:17 p.m. | 3 views

GHSA-PC3F-X583-G7J2 vulnerabilities

Vulnerabilities for packages: kcp, trivy, datadog-agent, trident, gitlab-runner, postgres-operator-fips, kubescape-server, grafana, cert-manager-istio-csr-fips, vcluster, docker-cli-buildx, percona-xtradb-cluster-operator, eck-operator, trident-fips, kubescape, redis-operator-fips, velero,...

AI score 5.8
Exploits 0

Fedora
added 2026/04/17 12:54 a.m. | 4 views

[SECURITY] Fedora 43 Update: skopeo-1.22.2-1.fc43

Command line utility to inspect images and repositories directly on Docker registries without the need to pull them...

CVSS 7.5 | AI score 6.4 | EPSS 0.00274
Exploits 0

Fedora
added 2026/04/17 12:54 a.m. | 2 views

[SECURITY] Fedora 43 Update: podman-5.8.2-1.fc43

podman (Pod Manager) is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

CVSS 7.5 | AI score 6.4 | EPSS 0.00274
Exploits 0

GithubExploit
added 2026/04/16 4:40 p.m. | 301 views

ofensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

CVSS 9.9 | AI score 7.2 | EPSS 0.75197
Exploits 26

GithubExploit
added 2026/04/16 4:40 p.m. | 267 views

ffensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

CVSS 9.9 | AI score 6.4 | EPSS 0.75197
Exploits 26

GithubExploit
added 2026/04/16 2:3 p.m. | 153 views

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2024-42009 – Roundcube Stored XSS Docker PoC 📌 Overv...

CVSS 9.3 | AI score 7.7 | EPSS 0.82853
Exploits 6