This page collects WhisperX intelligence signals tagged #container security. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical visibility gap exists for Kubernetes cluster operators. While tools like kube9 assess cluster security, there is currently no mechanism to collect or surface CVE-oriented data from container images, leaving a blind spot in the security posture. This lack of vulnerability intelligence hampers operators' abili...
A high-severity vulnerability, CVE-2024-12797, has been identified within the official `grafana/grafana-oss:11.5.2` container image. The flaw was detected during a routine security scan using the Trivy tool, raising immediate concerns for teams deploying this specific version of the popular open-source analytics platfo...
A critical security flaw in the Moby BuildKit toolchain has been patched, exposing container build pipelines to potential file system compromise. The vulnerability, tracked as CVE-2026-33747, allows a maliciously crafted custom BuildKit frontend to write files outside the designated BuildKit state directory. This direc...
A critical security scan has flagged the official StashApp container image with two severe vulnerabilities, including a critical authorization bypass that enables arbitrary SQL execution. The automated scan, conducted on March 19, 2026, identified the flaws in the `stashapp/stash:latest` image, raising immediate concer...
An automated security fix process has exposed a cluster of critical vulnerabilities (CVEs) embedded within the core system libraries of widely used container base images. The automated pull request, generated on March 30, 2026, reveals that Debian and Alpine Linux distributions are shipping packages with known, unpatch...
A critical security re-scan has flagged a previously approved container image as ineligible for deployment. The image `n8n-trusted:2.14.2`, used in automated workflows, now contains vulnerabilities that breach the current security promotion criteria based on age, known exploited vulnerabilities (KEV), and exploit predi...
A critical security flaw in the Moby BuildKit toolchain has been patched, exposing container build pipelines to potential file system compromise. The vulnerability, tracked as CVE-2026-33747, allows a malicious or compromised BuildKit frontend to write files outside the designated BuildKit state directory. This path tr...
Kubernetes 확장 플랫폼 KubePlus의 4.1.4 버전에 심각한 서버 측 요청 위조(SSRF) 취약점이 존재한다. 이 취약점(CVE-2026-29954)은 CVSS 7.6의 높은 위험도로 평가되며, 공격자가 내부 네트워크를 탐색하거나 임의의 HTTP 헤더를 주입하고 명령어를 실행할 수 있는 경로를 열어준다. 취약점의 핵심은 ResourceComposition 리소스의 'chartURL' 필드를 처리하는 mutating webhook 및 kubeconfiggenerator 컴포넌트가 URL 인코딩만 수행하고 대상 주소를 검증하지 않아 발생하는 SSRF에 있다...
An automated nightly security scan has flagged a CRITICAL-severity vulnerability, CVE-2025-68121, within the widely used `stdlib` package. The finding, classified at the highest SARIF 'error' level, indicates a potentially severe flaw that could be exploited in affected systems. This detection originated from a routine...
A high-severity vulnerability, CVE-2026-33416, has been automatically detected in a series of official PHP container images, exposing deployments based on Alpine Linux 3.23. The flaw originates from an outdated `libpng` library (version 1.6.55-r0) within the Alpine 3.23.3 base layer, which lacks the security fix availa...
A critical security scan has flagged a high-severity vulnerability, CVE-2026-33636, actively present in multiple production-ready PHP container images. The flaw stems from an outdated `libpng` library (version 1.6.55-r0) within the Alpine Linux 3.23.3 base image, for which a fixed version (1.6.56-r0) is available. This...
A critical security scan has flagged a high-severity vulnerability, CVE-2026-32636, that remains unresolved in container images built on Alpine Linux 3.23. The flaw, detected by automated Trivy scans, is actively present in specific PHP 8.5 images, indicating a persistent supply chain risk for developers and deployment...
A critical security vulnerability, CVE-2026-30937, remains unresolved in specific PHP container images, posing a persistent medium-severity risk. An automated Trivy scan confirmed the flaw is still present even after a rebuild, indicating a deeper dependency issue within the Alpine Linux 3.23.3 base layer. The vulnerab...
A critical security vulnerability, CVE-2026-31853, remains unresolved in specific PHP container images, posing a persistent medium-severity risk. Automated scans confirm the flaw is still present even after rebuild attempts, indicating a systemic patching failure within the affected software supply chain. This unresolv...
A critical security vulnerability, CVE-2026-30936, remains unpatched in specific PHP container images, posing a persistent medium-severity risk. Automated scans confirm the flaw is still present even after rebuild attempts, indicating a systemic issue with the underlying Alpine Linux base image. This unresolved exposur...
An automated Trivy security scan has flagged a persistent, unresolved vulnerability in critical container images. The medium-severity flaw, CVE-2026-30935, remains active in PHP 8.5 images built on the Alpine Linux 3.23.3 base, specifically affecting both the `cli` and `fpm` variants. Despite a rebuild attempt, the vul...
A critical security vulnerability, CVE-2026-30931, remains unresolved in widely used PHP container images, posing a persistent high-severity risk. An automated Trivy scan has confirmed the flaw is still present even after rebuild attempts, indicating a systemic issue within the underlying Alpine Linux 3.23.3 base layer...
A critical security vulnerability, CVE-2026-30929, remains unpatched in widely used PHP container images, exposing deployments to a high-severity risk. An automated Trivy scan has confirmed the flaw persists even after rebuild attempts, indicating a systemic issue within the upstream Alpine Linux 3.23 branch. The vulne...
A critical security vulnerability, CVE-2026-30883, remains unpatched in widely used PHP container images, posing a persistent high-severity risk. An automated Trivy scan has confirmed the flaw is still present even after rebuild attempts, indicating a systemic supply chain issue. The vulnerability is rooted in outdated...
A critical security vulnerability, CVE-2026-28691, remains unresolved in specific PHP container images, posing a persistent high-severity risk. Automated scans by Trivy have confirmed the flaw is still present even after rebuild attempts, indicating a systemic issue with the underlying base image. The vulnerability is ...