CVE-2025-49593 – Portainer Exposed Registry Authentication Credentials Leakage

June 17, 2025

CVE ID : CVE-2025-49593

Published : June 17, 2025, 10:15 p.m. | 15 minutes ago

Description : Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a malicious container registry, or an existing container registry can be taken over, HTTP Headers (including registry authentication credentials or Portainer session tokens) may be leaked to that registry. This issue has been patched in STS version 2.31.0 and LTS version 2.27.7.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49825 – Teleport Remote Authentication Bypass Vulnerability

Next Article CVE-2025-49843 – Conda-Smithy File Permission Bypass Vulnerability

Highlights

CVE-2013-10051 – InstantCMS PHP Code Execution Vulnerability

August 1, 2025

CVE ID : CVE-2013-10051

Published : Aug. 1, 2025, 9:15 p.m. | 2 hours, 19 minutes ago

Description : A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: An Echo In Here in here

How To Minimize The Environmental Impact Of Your Website

Progress adds AI coding assistance to Telerik and Kendo UI libraries

Wasm 3.0 standard is now officially complete

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Distribution Release: Tails 7.0

Distribution Release: Security Onion 2.4.180

GenStudio for Performance Marketing: What’s New and What We’ve Learned

GenStudio for Performance Marketing: What’s New and What We’ve Learned

Agentic and Generative Commerce Can Elevate CX in B2B

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

CVE-2025-49593 – Portainer Exposed Registry Authentication Credentials Leakage

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Development Release: deepin 25 Beta

CVE-2025-53616 – Apache HTTP Server SQL Injection

CISA Warns of Critical Flaws in ControlID iDSecure Vehicle Control Software

Raspberry Pi 5 Desktop Mini PC: Installing Software

CVE-2013-10051 – InstantCMS PHP Code Execution Vulnerability

Google Warns Pixel 6a Users: Mandatory Update to Limit Battery Charging & Capacity Due to Overheating Risk

4Chan Outage Sparks Cyberattack Rumors and Data Leak Concerns

CVE-2025-6217 – PEAK-System PCANFD Driver Information Disclosure Kernel Vulnerability

CVE-2025-49593 – Portainer Exposed Registry Authentication Credentials Leakage

Related Posts