9168 matches found

Cvelist
added 2025/04/15 8:39 p.m. | 12 views

CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...

CVSS 2.2 | EPSS 0.00313
Exploits 1 | References 2

OSV
added 2025/04/15 8:39 p.m. | 6 views

CVE-2025-32021 Weblate VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext

Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the creation process. If, for example, the source code...

CVSS 2.2 | AI score 6.8 | EPSS 0.00313
Exploits 1 | References 4

NVD
added 2025/04/15 8:15 p.m. | 13 views

CVE-2025-30206

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

CVSS 9.8 | EPSS 0.00721
Exploits 0 | References 1

Vulnrichment
added 2025/04/15 7:14 p.m. | 11 views

CVE-2025-30206 Dpanel's hard-coded JWT secret leads to remote code execution

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

CVSS 9.8 | AI score 7.5 | EPSS 0.00721
Exploits 0 | References 1

CVE
added 2025/04/15 7:14 p.m. | 71 views

CVE-2025-30206

Dpanel uses a hard-coded JWT secret in its default configuration, enabling attackers to forge valid tokens and bypass authentication, potentially gaining full control of the host. The GO-2025-3612 entry cites remote code execution as the outcome of this flaw in github.com/donknap/dpanel. The advi...

CVSS 9.8 | AI score 9.7 | EPSS 0.00721
Exploits 0 | References 1

Ubuntu
added 2025/04/15 2:05 p.m. | 14 views

USN-7161-3: Docker vulnerability

USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. This update fixes it for source package docker.io in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,...

CVSS 9.9 | AI score 7.5 | EPSS 0.16496
Exploits 0

OSV
added 2025/04/15 2:05 p.m. | 3 views

USN-7161-3 Docker vulnerability

USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. This update fixes it for source package docker.io in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,...

CVSS 9.9 | AI score 6.8 | EPSS 0.16496
Exploits 0 | References 2

IBM Security Bulletins
added 2025/04/15 2:42 a.m. | 48 views

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details CVEID:CVE-2024-31883 DESCRIPTION: IBM Security Verify Access, under certain configurations, could allow an unauthenticated...

CVSS 7.5 | AI score 7.6 | EPSS 0.03003
Exploits 3 | Affected Software 1

CNNVD
added 2025/04/15 12:00 a.m. | 2 views

Dpanel security vulnerability

Dpanel is a lightweight Docker visualization management panel open-sourced by Donknap that provides comprehensive container management features. A security vulnerability exists in Dpanel that stems from the inclusion of hardcoded JWT keys in the default configuration, which could lead to host...

CVSS 9.8 | AI score 3.8 | EPSS 0.00721
Exploits 0 | References 1

Spring Security Advisories
added 2025/04/15 12:00 a.m. | 5 views

This Week in Spring - April 15th, 2025

Spring AI M7 is here! This new release includes a bunch of awesome new features! And some refactorings. Notably that the Spring AI auto-configuration has changed from a single monolithic artifact to individual auto-configuration artifacts per model, vector store, and other components. This change...

AI score 7.2
Exploits 0

HackRead
added 2025/04/14 8:54 p.m. | 12 views

Incomplete Patch Leaves NVIDIA and Docker Users at Risk

NVIDIA's incomplete security patch, combined with a Docker vulnerability, creates a serious threat for organizations using containerized environments. This article explains the risks and mitigation strategies...

AI score 7.5
Exploits 0

Amazon
added 2025/04/14 12:00 a.m. | 3 views

Important: docker

Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...

CVSS 7.5 | AI score 8.7 | EPSS 0.00868
Exploits 0

Amazon
added 2025/04/14 12:00 a.m. | 4 views

Important: docker

Issue Overview: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or no...

CVSS 7.5 | AI score 8.2 | EPSS 0.00868
Exploits 0

RedhatCVE
added 2025/04/12 12:08 p.m. | 22 views

CVE-2025-32755

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH...

CVSS 9.1 | AI score 6.9 | EPSS 0.00411
Exploits 0 | References 1

RedhatCVE
added 2025/04/12 12:07 p.m. | 21 views

CVE-2025-32754

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SS...

CVSS 9.1 | AI score 6.9 | EPSS 0.00411
Exploits 0 | References 1

GithubExploit
added 2025/04/11 12:27 p.m. | 98 views

Exploit for Cross-site Scripting in Ourphp

cve-2023-30212 PoC for CVE-2023-30212 using Docker CVE-2023-...

CVSS 6.1 | AI score 6.3 | EPSS 0.08115
Exploits 9

OSV
added 2025/04/11 12:00 a.m. | 6 views

OPENSUSE-SU-2025:14985-1 docker-27.5.1_ce-15.1 on GA media

These are all security issues fixed in the docker-27.5.1_ce-15.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5 | AI score 8.5 | EPSS 0.00868
Exploits 0 | References 3

Wolfi
added 2025/04/10 1:44 p.m. | 35 views

CVE-2025-22871 vulnerabilities

Vulnerabilities for packages: dbmate, cert-manager, nri-nginx, thanos-operator, incert, src-fingerprint, redka, vault-k8s, timoni, amazon-k8s-cni, falcoctl, hcloud, nri-postgresql, go-md2man, k6, prometheus-alertmanager, kubernetes-dns-node-cache, tkn, flux-image-reflector-controller, syft,...

CVSS 9.1 | AI score 6.7 | EPSS 0.00682
Exploits 0

Wolfi
added 2025/04/10 1:44 p.m. | 12 views

GHSA-G9PC-8G42-G6VQ vulnerabilities

Vulnerabilities for packages: dbmate, cert-manager, nri-nginx, thanos-operator, incert, src-fingerprint, redka, vault-k8s, timoni, amazon-k8s-cni, falcoctl, hcloud, nri-postgresql, go-md2man, k6, prometheus-alertmanager, kubernetes-dns-node-cache, tkn, flux-image-reflector-controller, syft,...

AI score 5.8
Exploits 0

Chainguard
added 2025/04/10 1:13 p.m. | 24 views

GHSA-G9PC-8G42-G6VQ vulnerabilities

Vulnerabilities for packages: supercronic, direnv, karma-fips, memcached-exporter-fips, rancher-agent, eck-operator, elastic-agent, tfsec, argo-cd-fips, ini-file, traefik-fips, tigera-operator-fips, packer-fips, nri-rabbitmq, kubernetes, trino, local-static-provisioner, chartmuseum,...

AI score 5.8
Exploits 0