
9269 matches found

Positive Technologies
added 2026/01/30 12:0 a.m., 8 views

PT-2026-5494

Name of the Vulnerable Software and Affected Versions: Backstage versions prior to 1.13.11 and 1.14.1. Description: Backstage is a framework for building developer portals, and @backstage/plugin-techdocs-node provides functionalities for TechDocs. A path traversal issue exists in the TechDocs local...

CVSS 5.3, AI score 6, EPSS 0.00387
Exploits 0, References 10

ATTACKERKB
added 2026/01/29 11:4 p.m., 6 views

CVE-2026-1665

A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

CVSS 5.4, AI score 6.2, EPSS 0.00767
Exploits 0, References 5, Affected Software 1

NVD
added 2026/01/29 10:15 p.m., 9 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVSS 8.8, EPSS 0.00566
Exploits 1, References 2

NVD
added 2026/01/29 10:15 p.m., 7 views

CVE-2026-24845

malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

CVSS 6.5, EPSS 0.00336
Exploits 0, References 2

Github Security Blog
added 2026/01/29 10:4 p.m., 8 views

malcontent OCI image pull credential exfiltration via malicious registry token realm

Malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. Malcontent uses google/go-containerregistry for OCI image pulls, which by default uses the Docker credential keychain. A malicious registry could return a WWW-Authenticate header...

CVSS 6.5, AI score 5.8, EPSS 0.00336
Exploits 0, References 4, Affected Software 1

Vulnrichment
added 2026/01/29 9:49 p.m., 5 views

CVE-2026-25116 Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVSS 7.6, AI score 5.7, EPSS 0.00566
Exploits 1, References 2

CVE
added 2026/01/29 9:49 p.m., 16 views

CVE-2026-25116

Runtipi (homeserver orchestrator) is vulnerable in versions 4.5.0–4.7.1 due to an unauthenticated Path Traversal in UserConfigController caused by insecure URN parsing, allowing remote overwrite of docker-compose.yml and resulting in full Remote Code Execution and host filesystem compromise upon ...

CVSS 8.8, AI score 6, EPSS 0.00566
Exploits 1, References 2, Affected Software 1

ATTACKERKB
added 2026/01/29 9:49 p.m., 6 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVSS 7.6, AI score 6, EPSS 0.00566
Exploits 1, References 3, Affected Software 1

Cvelist
added 2026/01/29 9:49 p.m., 33 views

CVE-2026-25116 Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVSS 7.6, EPSS 0.00566
Exploits 1, References 2

EUVD
added 2026/01/29 9:49 p.m., 5 views

EUVD-2026-4942

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVSS 7.6, AI score 6, EPSS 0.00566
Exploits 1, References 2

OSV
added 2026/01/29 9:49 p.m., 5 views

CVE-2026-25116 Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

CVSS 7.6, AI score 6, EPSS 0.00566
Exploits 1, References 4

EUVD
added 2026/01/29 9:2 p.m., 5 views

EUVD-2026-4945

malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

CVSS 6.5, AI score 5.9, EPSS 0.00336
Exploits 0, References 2

ATTACKERKB
added 2026/01/29 9:2 p.m., 5 views

CVE-2026-24845

malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

CVSS 6.5, AI score 5.9, EPSS 0.00336
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/01/29 9:2 p.m., 5 views

CVE-2026-24845 malcontent's OCI image scanning could expose registry credentials

malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

CVSS 6.5, AI score 5.9, EPSS 0.00336
Exploits 0, References 2

CVE
added 2026/01/29 9:2 p.m., 18 views

CVE-2026-24845

CVE-2026-24845 affects the malcontent tool. The advisory describes that versions prior to 1.20.3 (starting with 0.10.0) could exfiltrate Docker registry credentials when scanning certain OCI image references. The vulnerability stems from malcontent using google/go-containerregistry for OCI image ...

CVSS 6.5, AI score 5.9, EPSS 0.00336
Exploits 0, References 2, Affected Software 1

AlpineLinux
added 2026/01/29 9:2 p.m., 6 views

CVE-2026-24845

malcontent discovers supply-chain compromises through context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...

CVSS 6.5, AI score 5.9, EPSS 0.00336
Exploits 0, References 2

Positive Technologies
added 2026/01/29 12:0 a.m., 8 views

PT-2026-5367

Name of the Vulnerable Software and Affected Versions: Runtipi versions 4.5.0 through 4.7.1. Description: Runtipi is a personal homeserver orchestrator. An unauthenticated Path Traversal vulnerability exists in the UserConfigController. This allows a remote user to overwrite the system's...

CVSS 7.6, AI score 6, EPSS 0.00566
Exploits 1, References 7

CNNVD
added 2026/01/29 12:0 a.m., 7 views

Runtipi Access Control Vulnerability

Runtipi is an open-source family server orchestrator developed by Runtipi. Versions of Runtipi prior to 4.7.2 contained an access control vulnerability caused by unauthorized path traversal. This vulnerability could allow for overwriting of the docker-compose.yml configuration file, leading to...

CVSS 8.8, AI score 6.5, EPSS 0.00566
Exploits 1, References 3

CNNVD
added 2026/01/29 12:0 a.m., 14 views

Malcontent security vulnerabilities

Malcontent is a supply chain attack detection tool developed by Chainguard. Versions prior to 1.20.3 of Malcontent contain security vulnerabilities. These vulnerabilities arise from the possibility of exposing Docker registry credentials during the scanning of specially crafted OCI image referenc...

CVSS 6.5, AI score 5.8, EPSS 0.00336
Exploits 0, References 2

Chainguard
added 2026/01/28 7:17 p.m., 9 views

CVE-2025-11065 vulnerabilities

Vulnerabilities for packages: neuvector-sigstore-interface-fips, k9s-fips, gitlab-cng, gitlab-cng-fips, kyverno, gitlab-runner, mattermost-fips, zitadel, tkn-fips, bank-vaults, datadog-agent, datadog-agent-fips, pluto-fips, kyverno-fips, ratify-fips, beats, grafana-fips, istio-fips,...

CVSS 5.3, AI score 6, EPSS 0.00357
Exploits 0