42 matches found
Fleet Access Control Error Vulnerability (CNVD-2026-16814)
Fleet is an open source device management platform from Fleet Device Management that supports a wide range of operating systems and devices to help IT and security teams with device management, vulnerability reporting, MDM and more. An access control error vulnerability exists in Fleet versions prior t...
CVE-2020-24263
Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host...
CVE-2020-24264
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client side and not on the server side, which can lead to spawning a container with a bind mount. Once such a container ...
CVE-2024-41121
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline run to create malicious workflows: 1. Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. 2. Or allow extraction of the secrets w...
CVE-2023-7325
Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery (SSRF) vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix...
VulnCheck KEV: CVE-2023-7325
Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery (SSRF) vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix...
EUVD-2020-16999
Malware in sbrugna...
EUVD-2020-18852
Malware in sbrugna...
EUVD-2024-2456
Malicious code in bioql PyPI...
EUVD-2024-2240
Malicious code in bioql PyPI...
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious…...
CVE-2025-52353
CVE-2025-52353 affects Badaso CMS 2.9.11 where the Media Manager file-upload endpoint bypasses content-type validation, allowing authenticated users to upload files containing embedded PHP code. When such a file is accessed via its URL, the server executes the PHP payload, enabling arbitrary syst...
Remote Code Execution (RCE)
github.com/tnborg/panel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper path handling in the CleanPath middleware from the go-chi/chi package, which fails to process r.URL.Path, followed by flaws in backend login path exposure, which allows an attacker to bypass...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
Code Injection
Woodpecker is vulnerable to Code Injection. The vulnerability is due to insufficient user validation, allowing any user to trigger malicious workflows that can either take over the host running the agent or extract secrets by overwriting plugin entry points...
CVE-2024-41122
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline run to create malicious workflows: 1. Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. 2. Or allow extraction of the secrets w...
CVE-2024-41121
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline run to create malicious workflows: 1. Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. 2. Or allow extraction of the secrets w...
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
Impact: The server allows any user who can trigger a pipeline run to create malicious workflows: - Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. - Or allow extraction of the secrets that would normally be provided to the plugins whose entrypoint are...
GHSA-3WF2-2PQ4-4RVC Woodpecker's custom environment variables allow to alter execution flow of plugins
Impact: The server allows any user who can trigger a pipeline run to create malicious workflows: - Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. - Or allow extraction of the secrets that would normally be provided to the plugins whose entrypoint are...
CVE-2024-41122 Custom environment variables allow to alter execution flow of plugins in Woodpecker
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allows any user who can trigger a pipeline run to create malicious workflows: 1. Those workflows can either lead to a takeover of the host that runs the agent executing the workflow. 2. Or allow extraction of the secrets w...