9165 matches found
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
UBUNTU-CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
CVE-2026-23924 affects the Zabbix Agent 2 Docker plugin. The issue is improper sanitization of the docker.container_info parameters when forwarding to the Docker daemon, enabling an attacker capable of invoking Agent 2 to read arbitrary files from running Docker containers by injecting them via t...
CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
CVE-2026-23924
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
GHSA-69FQ-XP46-6X23 Trivy ecosystem supply chain was briefly compromised
Summary On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious commits. On March 22...
Trivy ecosystem supply chain was briefly compromised
Summary On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious commits. On March 22...
PT-2026-27477
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...
Zabbix 安全漏洞
Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities stems from the Docker plugin not properly cleaning...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : docker (SUSE-SU-2026:0950-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0950-1 advisory. This update for docker rebuilds it against the current go 1.25 security release. Tenable has extracted th...
SUSE SLES15 / openSUSE 15 Security Update : docker-stable (SUSE-SU-2026:0972-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0972-1 advisory. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption...
Security update for docker-stable
This update for docker-stable fixes the following issues: CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupda...
SUSE-SU-2026:0972-1 Security update for docker-stable
This update for docker-stable fixes the following issues: - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904...
Exploit for CVE-2025-9074
Description Vibe coded a small exploit script in pure Bash wit...
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4,...
CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training
Capture The Flag CTF competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...
Auditing MCP Servers for Over-Privileged Tool Capabilities
The Model Context Protocol MCP has emerged as a standard for connecting Large Language Models LLMs to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution that can be exploited if not properly...
Exploit for CVE-2026-21994
CVE-2026-21994 Summary Oracle OKIT oci-designer-tool...