Skip to main content

Docker

814 CVEs product

Monthly

CVE-2026-33075 HIGH This Week

FastGPT versions 4.14.8.3 and below contain a critical arbitrary code execution vulnerability in the fastgpt-preview-image.yml GitHub Actions workflow that allows external contributors to execute malicious code and exfiltrate repository secrets. The vulnerability stems from unsafe use of pull_request_target with attacker-controlled Dockerfile builds that are pushed to the production container registry, enabling both direct compromise and supply chain attacks. No patch was available at the time of public disclosure, making this an unpatched remote code execution affecting the AI Agent building platform across affected versions.

RCE Docker
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-33037 HIGH PATCH This Week

WWBN AVideo open source video platform versions 25.0 and below ship with a hardcoded default administrator password ('password') in official Docker deployment files that is automatically used during installation without any forced change mechanism. Attackers can gain immediate administrative access to unpatched instances, enabling user data exposure, content manipulation, and potential remote code execution via file upload and plugin management features. The issue is compounded by weak MD5 password hashing and similarly insecure default database credentials (avideo/avideo).

RCE Information Disclosure Docker
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-32038 npm CRITICAL PATCH Act Now

A sandbox network isolation bypass vulnerability in OpenClaw allows trusted operators to escape container network boundaries and join other containers' network namespaces. OpenClaw versions before 2026.2.24 are affected, enabling attackers who have operator privileges to configure the docker.network parameter with 'container:<id>' values to reach services in target container namespaces and bypass network segmentation controls. The vulnerability has a critical CVSS score of 9.8 but requires trusted operator access, and there is no evidence of active exploitation in KEV or high EPSS probability.

Authentication Bypass Docker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-33354 PHP HIGH PATCH This Week

Authenticated file read vulnerability in PHP and Docker deployments allows users to exfiltrate arbitrary files from the server by exploiting insufficient path validation in the video upload endpoint, which copies attacker-specified local files to publicly accessible storage. An authenticated attacker can leverage this to read sensitive files from broad server directories including application roots, cache, and temporary locations. No patch is currently available, and the vulnerability carries a 10% exploit prediction score.

PHP RCE Docker
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
10.0%
CVE-2026-33322 Go CRITICAL PATCH Act Now

JWT algorithm confusion in MinIO's OpenID Connect authentication enables attackers with knowledge of the OIDC ClientSecret to forge identity tokens and obtain S3 credentials with unrestricted IAM policies, including administrative access. Affected users can have their identities impersonated and their data accessed, modified, or deleted with 100% attack success rate. The vulnerability impacts MinIO deployments across Docker, Apple, and Microsoft platforms, with no patch currently available.

Information Disclosure Docker Apple Microsoft Suse
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.0%
CVE-2026-33309 PyPI CRITICAL POC PATCH GHSA Act Now

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.

RCE Python Docker Path Traversal Canonical
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-33241 Cargo HIGH PATCH This Week

Salvo web framework's form data parsing functions fail to enforce payload size limits before loading request bodies into memory, allowing attackers to trigger Out-of-Memory crashes by sending extremely large form payloads. This affects the Rust package salvo (pkg:rust/salvo) through multiple attack vectors including URL-encoded and multipart form data handling. A proof-of-concept demonstrates successful denial-of-service against containerized deployments with limited memory, and the vulnerability is publicly documented in GitHub security advisories GHSA-pp9r-xg4c-8j4x.

Denial Of Service File Upload Docker
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33231 PyPI HIGH PATCH GHSA This Week

The NLTK (Natural Language Toolkit) WordNet Browser HTTP server contains an unauthenticated shutdown vulnerability that allows any remote attacker to terminate the service with a single GET request to the '/SHUTDOWN THE SERVER' endpoint. This affects users running nltk.app.wordnet_app in its default mode, where the server binds to all network interfaces without authentication. A proof-of-concept exploit is publicly available demonstrating the denial-of-service attack, though EPSS and KEV data are not yet available for this recent CVE.

CSRF Denial Of Service Docker Python Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33230 PyPI MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability exists in NLTK's WordNet Browser application (nltk.app.wordnet_app) in the lookup_... route, where attacker-controlled word parameters are reflected into HTML responses without proper escaping. This vulnerability affects users running the local WordNet Browser server and allows attackers to inject and execute arbitrary JavaScript in the browser context of the affected application. A proof-of-concept exploit has been publicly demonstrated, and a vendor patch is available.

XSS Docker Python Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-33226 npm HIGH This Week

Budibase, a low-code platform distributed as a Docker/Kubernetes application, contains a Server-Side Request Forgery (SSRF) vulnerability in its REST datasource query preview endpoint. Authenticated admin users can force the server to make HTTP requests to arbitrary URLs including cloud metadata services, internal networks, and Kubernetes APIs. A detailed proof-of-concept exists demonstrating theft of GCP OAuth2 tokens with cloud-platform scope, CouchDB credential extraction, and internal service enumeration. The CVSS score of 8.7 reflects high confidentiality and integrity impact with changed scope, requiring high privileges but low attack complexity.

Microsoft Redis Google SSRF Docker +1
NVD GitHub VulDB
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-33203 Go HIGH PATCH This Week

The SiYuan kernel, a Go-based note-taking application, contains an authentication bypass vulnerability in its WebSocket server that allows unauthenticated attackers to crash the kernel process through malformed JSON messages. SiYuan kernel versions exposed via Docker or network-accessible deployments are affected, with the issue stemming from unsafe type assertions on attacker-controlled input after bypassing authentication via a specific query parameter pattern. A proof-of-concept demonstrating the attack exists in the GitHub advisory, and while CVSS rates this as 7.5 High severity for availability impact, real-world exploitation risk depends heavily on network exposure beyond localhost.

Authentication Bypass Docker Denial Of Service Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-33194 Go MEDIUM PATCH This Month

Docker's IsSensitivePath() function uses an incomplete denylist that fails to restrict access to sensitive directories including /opt, /usr, /home, /mnt, and /media, allowing authenticated users with high privileges to read arbitrary files outside the intended workspace through the globalCopyFiles and importStdMd endpoints. An attacker with administrative credentials could exploit this path traversal vulnerability to access sensitive configuration files and data from other users or mounted volumes. No patch is currently available for this medium-severity issue.

Path Traversal Docker Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-33143 npm HIGH PATCH This Week

The OneUptime monitoring platform (specifically version 10.0.23 and likely earlier versions) contains an authentication bypass vulnerability in its WhatsApp webhook handler that fails to verify the X-Hub-Signature-256 HMAC signature required by Meta/WhatsApp. Any unauthenticated remote attacker can send forged webhook payloads to manipulate notification delivery status records, suppress critical alerts, and corrupt audit trails. A working proof-of-concept exploit has been published demonstrating successful injection of arbitrary webhook events via simple HTTP POST requests with no authentication required.

Docker Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-32811 Go HIGH PATCH This Week

Heimdall, an authorization decision API for Envoy proxy, contains a path traversal bypass vulnerability when used in gRPC decision API mode. Attackers can bypass non-wildcard path expression rules by appending query parameters to URLs, which causes incorrect URL encoding that prevents rule matching. A proof-of-concept is publicly available demonstrating the bypass, though exploitation requires heimdall to be configured with an insecure 'allow all' default rule (which is blocked by secure defaults since v0.16.0 unless explicitly disabled).

Docker Authentication Bypass Suse
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-33060 npm MEDIUM PATCH This Month

The @aborruso/ckan-mcp-server MCP server contains a Server-Side Request Forgery (SSRF) vulnerability in its ckan_package_search, sparql_query, and ckan_datastore_search_sql tools, which accept an arbitrary base_url parameter without validation, allowing attackers to scan internal networks, exfiltrate cloud metadata credentials (including IAM tokens from 169.254.169.254), and potentially execute injection attacks. The vulnerability affects the npm package @aborruso/ckan-mcp-server (pkg:npm/@aborruso/ckan-mcp-server) and requires prompt injection to exploit, making attack complexity high; a proof-of-concept exists demonstrating 9 unthrottled HTTP requests to a canary endpoint, and patch availability exists from the vendor.

Docker SSRF
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-32767 Go CRITICAL PATCH Act Now

An authorization bypass vulnerability in SiYuan Note v3.6.0 and earlier allows any authenticated user, including those with read-only 'Reader' role privileges, to execute arbitrary SQL commands through the /api/search/fullTextSearchBlock endpoint when the method parameter is set to 2. This enables attackers to read, modify, or delete all data in the application's SQLite database, completely bypassing the application's role-based access controls. A detailed proof-of-concept demonstrates how Reader-role users can execute destructive SQL operations including dropping tables.

SQLi Docker Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32760 Go CRITICAL POC PATCH Act Now

Unauthenticated attackers can register administrator accounts in Docker when self-registration is enabled and default user permissions include admin privileges, as the signup handler fails to strip admin permissions from self-registered accounts. Public exploit code exists for this vulnerability. No patch is currently available.

Privilege Escalation Docker Suse
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-32759 Go MEDIUM PATCH This Month

Docker TUS resumable upload handler allows authenticated users to trigger arbitrary `after_upload` hooks unlimited times by supplying a negative value in the Upload-Length header, causing command execution with zero bytes actually uploaded. The integer overflow flaw in the completion logic (CWE-190) bypasses file upload requirements and enables privilege escalation through hook execution. No patch is currently available.

Integer Overflow Command Injection Denial Of Service Docker
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.0%
CVE-2026-32751 Go CRITICAL PATCH Act Now

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Docker RCE XSS Node.js Command Injection +4
NVD GitHub VulDB
CVSS 3.1
9.0
EPSS
0.4%
CVE-2026-32750 Go MEDIUM PATCH This Month

SiYuan Note contains an unrestricted path traversal vulnerability in the POST /api/import/importStdMd endpoint that allows authenticated administrators to recursively import arbitrary files from the host filesystem into the workspace database without any validation or blocklisting. Affected versions of SiYuan (pkg:go/github.com_siyuan-note_siyuan) allow admin users to permanently store sensitive files such as /proc/, /etc/, /run/secrets/, and other system directories as searchable note content, making them accessible to other workspace users including those with limited privileges. A proof-of-concept has been published demonstrating import of /proc/1/ and /run/secrets/, and when chained with separate SQL injection vulnerabilities in the renderSprig template function, non-admin users can retrieve imported secrets without additional privileges.

Path Traversal SQLi Docker Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-32749 Go HIGH PATCH This Week

Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.

Python Docker Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-32747 Go MEDIUM PATCH This Month

Administrative users of Docker and PostgreSQL deployments can exploit an incomplete path validation in the `POST /api/file/globalCopyFiles` endpoint to copy sensitive files like container environment variables and Docker secrets from restricted locations (`/proc/`, `/run/secrets/`) into the workspace, where they become readable via standard file APIs. The vulnerability stems from reliance on a blocklist-based validation mechanism that fails to prevent access to these critical system paths. Since no patch is currently available, organizations should restrict administrative access to the affected API endpoint until an update is released.

Docker PostgreSQL Path Traversal Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-32610 PyPI HIGH PATCH This Week

A critical CORS misconfiguration in the Glances system monitoring tool's REST API allows any website to steal sensitive system information from users who visit a malicious page while having access to a Glances instance. The vulnerability affects all versions prior to 4.5.2 and enables cross-origin theft of system stats, configuration secrets, database passwords, API keys, and command-line arguments. A proof-of-concept is publicly available, though no active exploitation has been reported yet.

Python Information Disclosure Docker Cors Misconfiguration Suse
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-32608 PyPI HIGH PATCH This Week

Glances monitoring system allows local attackers with limited privileges to execute arbitrary commands by injecting shell metacharacters into process or container names, which bypass command sanitization in the action execution handler. The vulnerability affects the threshold alert system that dynamically executes administrator-configured shell commands populated with runtime monitoring data. An attacker controlling a process name or container name can manipulate command parsing to break out of intended command boundaries and inject malicious commands.

Privilege Escalation Nginx Python Command Injection Docker +1
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-32596 PyPI HIGH POC PATCH GHSA This Week

Glances web server exposes its REST API without authentication by default when started with the -w flag, allowing unauthenticated remote attackers to access sensitive system information including process details that may contain credentials such as passwords and API keys. The vulnerability affects Python and Docker deployments where Glances is exposed to untrusted networks due to the server binding to 0.0.0.0 with authentication disabled by default. A patch is available to address this configuration vulnerability.

Python Docker Information Disclosure Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-27962 PyPI CRITICAL PATCH Act Now

A critical authentication bypass vulnerability in authlib's JWT signature verification allows attackers to forge arbitrary tokens by injecting their own cryptographic keys through the JWT header. The flaw affects all versions of authlib prior to 1.6.9 when applications use key resolution callbacks that can return None (common in JWKS-based authentication flows). A working proof-of-concept exists demonstrating complete authentication bypass, enabling attackers to impersonate any user or assume administrative privileges without valid credentials.

Docker Python Deserialization Jwt Attack
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-10461 MEDIUM This Month

A arbitrary file access vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Docker
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-32704 Go MEDIUM POC PATCH This Month

CVE-2026-32704 is a security vulnerability (CVSS 6.5). Risk factors: public PoC available.

Authentication Bypass Docker Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-32598 npm MEDIUM PATCH This Month

OneUptime versions prior to 10.0.24 contain a sensitive information exposure vulnerability where the password reset flow logs complete password reset URLs containing plaintext reset tokens at the INFO log level, which is enabled by default in production environments. Any actor with access to application logs-including log aggregation systems, Docker logs, or Kubernetes pod logs-can extract these tokens and perform account takeover on any user. The vulnerability is fixed in version 10.0.24.

Kubernetes Docker Information Disclosure Oneuptime
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-31886 Go CRITICAL PATCH Act Now

Path traversal via dagRunId in DAG execution endpoints.

Python Authentication Bypass Denial Of Service Path Traversal Docker +1
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.1%
CVE-2023-1289 NuGet MEDIUM POC PATCH This Month

Medium severity vulnerability in ImageMagick. # Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS.

Denial Of Service PHP Debian Docker Red Hat +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-27573 CRITICAL Act Now

Default credentials in netbox-docker before 2.5.0.

Docker Information Disclosure
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-30953 HIGH This Week

Server-side request forgery in LinkAce allows authenticated users to make arbitrary HTTP requests to internal network addresses and cloud metadata endpoints by providing malicious URLs during link creation, bypassing validation controls that exist elsewhere in the application. An attacker with valid credentials can exploit this to access Docker service hostnames, internal services, and sensitive metadata endpoints. No patch is currently available for this vulnerability affecting PHP-based LinkAce deployments.

PHP Docker SSRF Linkace
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-30247 Go MEDIUM POC PATCH This Month

WeKnora's document import feature is vulnerable to Server-Side Request Forgery through HTTP redirects, allowing unauthenticated remote attackers to bypass URL validation controls and access internal services despite backend protections against private IPs and metadata endpoints. The vulnerability affects WeKnora versions prior to 0.2.12 when deployed in Docker environments, where host.docker.internal addresses are not blocked. Public exploit code exists and no patch is currently available.

Docker SSRF AI / ML Weknora Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-29093 PHP HIGH This Week

Memcached session storage exposure in AVideo prior to version 24.0 allows unauthenticated remote attackers to read, modify, or delete user sessions by accessing the publicly exposed memcached service on port 11211. An attacker with network access to this port can hijack admin accounts, impersonate users, or destroy all active sessions without any authentication. This affects the official Docker deployment configuration for PHP, Docker, and AVideo products.

PHP Docker Authentication Bypass Avideo
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-28479 npm HIGH PATCH This Week

OpenClaw versions up to 2026.2.15 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Docker Information Disclosure Openclaw
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15558 Go HIGH PATCH GHSA This Week

Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.

Docker Command Line Interface Microsoft Privilege Escalation
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-28406 Go HIGH PATCH This Week

Path traversal in Kaniko 1.25.4 through 1.25.9 allows attackers to extract tar archives outside the intended destination directory, enabling arbitrary file writes on the build system. When combined with Docker credential helpers in registry authentication scenarios, this vulnerability can be leveraged for code execution within the Kaniko executor process. Docker and Kubernetes environments using the affected Kaniko versions are at risk.

Docker Kubernetes Kaniko RCE Path Traversal
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-28400 HIGH This Week

and deploy AI models using Docker. versions up to 1.0.16 contains a security vulnerability (CVSS 7.5).

Docker AI / ML
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28355 This Week

Canarytokens help track activity and actions on a network. Versions prior to `sha-7ff0e12` have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with.

Docker XSS
NVD GitHub
EPSS
0.1%
CVE-2026-27734 Go MEDIUM POC PATCH This Month

Path traversal in Beszel hub's container API endpoints allows authenticated users, including those with read-only roles, to bypass validation and access arbitrary Docker Engine API endpoints on agent hosts through improper URL path construction. This exposure of sensitive infrastructure details affects Beszel versions prior to 0.18.4 and Docker integrations, with public exploit code already available. The vulnerability requires valid authentication but no special privileges, making it exploitable by low-privileged users in multi-tenant environments.

Docker Beszel Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27899 Go HIGH PATCH This Week

Privilege escalation in WireGuard Portal prior to version 2.1.3 allows authenticated non-admin users to gain full administrator access by modifying their own user profile with an IsAdmin flag set to true. The vulnerability exists because the server fails to properly validate and restrict the IsAdmin field during profile updates, allowing the privilege change to persist after re-authentication. Affected deployments require immediate patching to version 2.1.3 or later to prevent unauthorized administrative access.

Docker Wireguard Wireguard Portal Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27208 CRITICAL Act Now

OS command injection in bleon-ethical/api-gateway-deploy npm package version 1.0.0. Attack chain enables remote code execution through crafted API gateway deployment configuration.

Docker Privilege Escalation Command Injection Api Gateway Deploy
NVD GitHub
CVSS 3.1
9.2
EPSS
0.2%
CVE-2026-2664 HIGH This Week

Local privilege escalation via out-of-bounds memory read in Docker Desktop's grpcfuse kernel module (versions up to 4.61.0) on Linux, Windows, and macOS allows authenticated local attackers to achieve complete system compromise through manipulation of /proc/docker entries. The vulnerability requires local access and valid user credentials but enables reading and modifying arbitrary kernel memory with high impact on confidentiality, integrity, and availability. Docker Desktop 4.62.0 and later resolve this issue.

Linux Windows macOS Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27466 HIGH POC PATCH This Week

BigBlueButton versions 3.0.21 and below allow remote denial of service when ClamAV is configured following official documentation, as the exposed clamd ports (3310, 7357) can be targeted by attackers to send malicious documents that exhaust server resources or crash the scanning service. This vulnerability affects Ubuntu and Docker deployments since standard firewall rules do not restrict container traffic, and public exploit code exists. An unauthenticated remote attacker requires only network access to trigger the denial of service condition.

Ubuntu Docker Denial Of Service Bigbluebutton
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-27211 CRITICAL PATCH Act Now

Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.

KVM Linux Information Disclosure Path Traversal Docker +2
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-27007 npm LOW PATCH Monitor

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. [CVSS 3.3 LOW]

Docker
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-27002 npm CRITICAL PATCH Act Now

Configuration injection in OpenClaw Docker sandbox before 2026.2.15 allows escaping sandbox restrictions. Patch available.

.NET Docker DNS AI / ML Openclaw
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-26189 MEDIUM PATCH This Month

Trivy Action versions 0.31.0 through 0.33.1 allow remote code execution on GitHub Actions runners due to insufficient input sanitization when constructing shell environment variable exports. An attacker with repository access can inject shell metacharacters through action inputs to achieve arbitrary command execution in the runner context. The vulnerability requires high privileges to exploit and is addressed in version 0.34.0.

Docker Github Command Injection Trivy Action
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2026-2733 Maven LOW Monitor

A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. [CVSS 3.8 LOW]

Docker
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2026-26217 PyPI CRITICAL PATCH GHSA Act Now

Arbitrary local file disclosure in Crawl4AI's Docker API (versions before 0.8.0) lets unauthenticated remote attackers read any file on the server by supplying file:// URLs to the /execute_js, /screenshot, /pdf, and /html endpoints. Because the API validates no scheme, an attacker can exfiltrate /etc/passwd, /etc/shadow, application config, and process environment via /proc/self/environ - directly exposing credentials and API keys. Publicly documented in GitHub advisory GHSA-vx9w-5cx4-9796 with a working request example; no public exploit identified as active exploitation, and EPSS is low (0.06%, 19th percentile).

Docker Crawl4ai Path Traversal
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-26216 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Crawl4AI Docker API before 0.8.0 via hooks parameter. The /crawl endpoint accepts Python code in hooks that executes on the server. EPSS 0.28%.

Python Docker RCE Crawl4ai Code Injection +1
NVD GitHub VulDB
CVSS 4.0
10.0
EPSS
0.3%
CVE-2026-25725 npm CRITICAL PATCH Act Now

Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.

Privilege Escalation Code Injection RCE Docker Linux +2
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-24851 Go HIGH PATCH This Week

Improper policy enforcement in OpenFGA versions 1.8.5 through 1.11.2 (and corresponding Helm Chart and Docker releases) allows authenticated users to bypass authorization checks through specially crafted tuple configurations that mix type-bound public and non-public access policies. An attacker with valid credentials can exploit mismatched tuple assignments to gain unauthorized access to protected resources by leveraging lexicographic object ID ordering in the authorization engine. No patch is currently available.

Docker Openfga Helm Charts Red Hat Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14740 MEDIUM This Month

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]

Windows Docker Race Condition RCE
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-24763 npm HIGH PATCH This Week

Command injection in OpenClaw's Docker sandbox execution allows authenticated users to manipulate the PATH environment variable and execute arbitrary commands within containers prior to version 2026.1.29. An attacker with valid credentials and ability to control environment variables could achieve code execution within the containerized AI assistant. A patch is available in version 2026.1.29 and later.

Docker Command Injection AI / ML Openclaw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-25153 npm HIGH PATCH This Week

Arbitrary Python code execution in Backstage's @backstage/plugin-techdocs-node (versions < 1.13.11 and = 1.14.0) lets a contributor who can add or edit a repository's mkdocs.yml inject a malicious MkDocs `hooks` directive that runs on the TechDocs build server whenever TechDocs is configured with `runIn: local`. The flaw also affects documentation built in CI/CD via @techdocs/cli, which bundles the same package. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the CVSS of 8.8 reflects full host compromise of the build environment.

Python Node.js Docker Backstage Code Injection +1
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25152 npm MEDIUM PATCH This Month

Backstage TechDocs plugin versions prior to 1.13.11 and 1.14.1 contain a path traversal vulnerability that allows authenticated attackers to read arbitrary files from the host filesystem when the local generator is enabled. The vulnerability stems from insufficient symlink validation during the documentation build process, enabling attackers to embed sensitive file contents into generated HTML accessible to documentation viewers. Organizations using `techdocs.generator.runIn: local` with untrusted documentation sources are at risk until patching to the fixed versions.

Node.js Docker Path Traversal Backstage Red Hat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1665 This Week

A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path).

Docker Command Injection
NVD GitHub
EPSS
0.0%
CVE-2026-25116 HIGH POC This Week

Runtipi versions 4.5.0 through 4.7.1 contain an unauthenticated path traversal vulnerability in the UserConfigController that allows remote attackers to overwrite the docker-compose.yml configuration file through insecure URN parsing. An attacker can inject a malicious stack configuration that executes arbitrary code when the instance restarts, achieving full remote code execution and host compromise. Public exploit code exists and no patch is currently available.

Docker RCE Path Traversal Runtipi
NVD GitHub
CVSS 3.1
7.6
EPSS
0.1%
CVE-2026-24845 Go MEDIUM PATCH This Month

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. [CVSS 6.5 MEDIUM]

Docker Malcontent Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24841 CRITICAL POC PATCH Act Now

Dokploy self-hosted PaaS prior to 0.26.6 has a critical command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands on the host.

Docker Command Injection Dokploy
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-24740 Go CRITICAL POC PATCH Act Now

Critical access control flaw in Dozzle Docker log viewer allows users restricted by label filters to escape their scope and obtain an interactive root shell on out-of-scope containers. PoC available, patch in v9.0.3.

Docker Dozzle Suse
NVD GitHub
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-24123 PyPI HIGH PATCH This Week

BentoML versions prior to 1.4.34 allow path traversal attacks through improperly validated file path fields in bentofile.yaml configurations, enabling attackers to embed arbitrary files from the victim's system into bento archives during the build process. This vulnerability can be exploited to exfiltrate sensitive data such as credentials, SSH keys, and environment variables into supply chain artifacts that may be pushed to registries or deployed in production environments. A patch is available in version 1.4.34.

Python Docker Path Traversal AI / ML Bentoml
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-24129 HIGH POC PATCH This Week

Runtipi versions 3.7.0 through 4.6.x suffer from arbitrary command execution when authenticated users upload backups with malicious filenames containing shell metacharacters, which the BackupManager fails to sanitize before executing restore operations. An attacker with valid credentials can craft a backup filename like $(id).tar.gz to achieve remote code execution on the host server with the privileges of the Runtipi process. Public exploit code exists for this vulnerability, and patches are available in version 4.7.0 and later.

Docker Runtipi
NVD GitHub
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-23944 CRITICAL PATCH Act Now

Arcane Docker management interface prior to 1.13.2 has missing authentication, allowing unauthenticated attackers to manage Docker containers, images, and networks on the host.

Docker Arcane
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-23846 HIGH POC PATCH This Week

Tugtainer versions before 1.16.1 transmit authentication credentials through URL query parameters rather than request bodies, causing passwords to be exposed in server logs, browser history, and proxy logs. This exposure allows attackers with access to these logs or cached data to obtain valid credentials for the Docker container management system. Public exploit code exists for this vulnerability, and a patch is available in version 1.16.1.

Docker Tugtainer
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-0863 HIGH POC PATCH This Week

Authenticated users can exploit string formatting and exception handling in n8n's Python task executor to escape sandbox restrictions and execute arbitrary code on the underlying operating system, with full instance takeover possible in Internal execution mode. Public exploit code exists for this vulnerability, which affects n8n deployments running under Internal execution mode where the Python executor has direct OS access. External execution mode deployments using Docker sidecars have reduced impact as code execution is confined to the container rather than the main node.

Python Docker AI / ML N8n
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-23520 Go CRITICAL POC PATCH Act Now

Arcane Docker management tool before 1.13.0 has command injection in lifecycle labels. Container labels are passed to /bin/sh -c without sanitization, enabling RCE. PoC available.

Docker Command Injection Arcane Suse
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-69426 CRITICAL Act Now

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can...

Docker RCE
NVD
CVSS 4.0
10.0
EPSS
0.0%
CVE-2025-69222 CRITICAL POC PATCH Act Now

LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.

Docker SSRF AI / ML Librechat
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-61916 Maven HIGH PATCH This Week

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. [CVSS 7.9 HIGH]

Docker Kubernetes AWS Gitlab Github +2
NVD GitHub
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-64419 CRITICAL POC PATCH Act Now

Coolify before 4.0.0-beta.445 allows command injection through docker-compose.yaml parameters. If a victim creates an application from an attacker-controlled repository using the Docker Compose build pack, the attacker achieves root code execution on the Coolify instance. PoC available, patch available.

Docker Coolify
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-59156 HIGH POC This Week

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution (RCE)*vulnerability exists in Coolify's application deployment workflow. [CVSS 8.8 HIGH]

Docker RCE Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-66211 HIGH POC This Week

An authenticated command injection vulnerability in Coolify's PostgreSQL initialization script handling allows attackers with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and enables full remote code execution through unsanitized PostgreSQL init script filenames passed to shell commands. A public proof-of-concept exploit is available, and while not currently in CISA KEV, the vulnerability has a moderate EPSS score of 0.41% indicating some exploitation probability.

Command Injection PostgreSQL RCE Privilege Escalation Docker +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-66210 HIGH POC This Week

A command injection vulnerability in Coolify's Database Import functionality allows authenticated users with application/service management permissions to execute arbitrary system commands as root on managed servers. The vulnerability stems from unsanitized database names being passed directly to shell commands, enabling full remote code execution. A public proof-of-concept exploit is available, and with an EPSS score of 0.41% (61st percentile), this represents a moderate real-world exploitation risk for organizations using vulnerable Coolify versions.

Command Injection RCE Docker Linux Coolify
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-56157 CRITICAL POC Act Now

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 allow anyone who can reach the database port to authenticate with full read/write access to the backend datastore. Publicly available exploit code exists, though EPSS remains low (0.81%) and the vendor states the database port is not network-exposed by default in 1.0.1 and later, limiting realistic reach. There is no public exploit identified as actively used in the wild (not in CISA KEV).

Authentication Bypass PostgreSQL Docker Dify
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2025-14651 LOW Monitor

MartialBE one-hub up to version 0.14.27 uses a hard-coded cryptographic key in the SESSION_SECRET environment variable of its default docker-compose.yml configuration, allowing remote attackers to potentially decrypt or forge session tokens with high attack complexity. The vulnerability requires non-standard deployment configurations and affects confidentiality rather than integrity or availability. Exploit code has been disclosed publicly, though active exploitation remains unconfirmed by CISA, and the vendor explicitly recommends against using the default Docker Compose example in production environments.

Docker Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-66577 MEDIUM POC PATCH This Month

A security vulnerability in cpp-httplib (CVSS 5.3) that allows attacker-controlled http headers. Risk factors: public PoC available. Vendor patch is available.

Docker Information Disclosure Ubuntu Debian Cpp Httplib +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-66570 CRITICAL POC PATCH Act Now

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

Authentication Bypass Docker Ubuntu Debian Cpp Httplib +1
NVD GitHub
CVSS 3.1
10.0
EPSS
0.0%
CVE-2025-13948 LOW Monitor

A security vulnerability in opsre go-ldap-admin (CVSS 5.6). Remediation should follow standard vulnerability management procedures.

Docker Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.9
EPSS
0.1%
CVE-2025-12744 HIGH POC PATCH This Week

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Docker Command Injection Red Hat Suse
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-12970 HIGH This Month

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Fluent Bit Docker
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-64751 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Google Authentication Bypass Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-10703 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google SAP +5
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-10702 HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache Google SAP +4
NVD
CVSS 4.0
8.6
EPSS
0.4%
CVE-2025-52881 Go HIGH POC PATCH This Week

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Docker Information Disclosure Runc Red Hat Suse
NVD GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-11489 LOW POC Monitor

Symlink following in DesktopCommanderMCP up to version 0.2.13 allows local authenticated attackers to read files outside intended directory boundaries through the isPathAllowed function in filesystem.ts. The vulnerability requires local access and authenticated user privileges, with high attack complexity and low exploitability difficulty despite public availability of proof-of-concept code. This affects only unsupported product versions and carries minimal real-world risk (CVSS 1.1, EPSS 0.02%), though the vendor acknowledges the issue as a guardrail limitation rather than a hardened security boundary.

Docker Information Disclosure Desktopcommandermcp
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-59951 CRITICAL POC PATCH Act Now

Docker default credentials in Termix server management. PoC and patch available.

Nginx Docker Authentication Bypass Termix
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-34234 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.2
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH This Week

FastGPT versions 4.14.8.3 and below contain a critical arbitrary code execution vulnerability in the fastgpt-preview-image.yml GitHub Actions workflow that allows external contributors to execute malicious code and exfiltrate repository secrets. The vulnerability stems from unsafe use of pull_request_target with attacker-controlled Dockerfile builds that are pushed to the production container registry, enabling both direct compromise and supply chain attacks. No patch was available at the time of public disclosure, making this an unpatched remote code execution affecting the AI Agent building platform across affected versions.

RCE Docker
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

WWBN AVideo open source video platform versions 25.0 and below ship with a hardcoded default administrator password ('password') in official Docker deployment files that is automatically used during installation without any forced change mechanism. Attackers can gain immediate administrative access to unpatched instances, enabling user data exposure, content manipulation, and potential remote code execution via file upload and plugin management features. The issue is compounded by weak MD5 password hashing and similarly insecure default database credentials (avideo/avideo).

RCE Information Disclosure Docker
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

A sandbox network isolation bypass vulnerability in OpenClaw allows trusted operators to escape container network boundaries and join other containers' network namespaces. OpenClaw versions before 2026.2.24 are affected, enabling attackers who have operator privileges to configure the docker.network parameter with 'container:<id>' values to reach services in target container namespaces and bypass network segmentation controls. The vulnerability has a critical CVSS score of 9.8 but requires trusted operator access, and there is no evidence of active exploitation in KEV or high EPSS probability.

Authentication Bypass Docker
NVD GitHub VulDB
EPSS 10% CVSS 7.6
HIGH PATCH This Week

Authenticated file read vulnerability in PHP and Docker deployments allows users to exfiltrate arbitrary files from the server by exploiting insufficient path validation in the video upload endpoint, which copies attacker-specified local files to publicly accessible storage. An authenticated attacker can leverage this to read sensitive files from broad server directories including application roots, cache, and temporary locations. No patch is currently available, and the vulnerability carries a 10% exploit prediction score.

PHP RCE Docker
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

JWT algorithm confusion in MinIO's OpenID Connect authentication enables attackers with knowledge of the OIDC ClientSecret to forge identity tokens and obtain S3 credentials with unrestricted IAM policies, including administrative access. Affected users can have their identities impersonated and their data accessed, modified, or deleted with 100% attack success rate. The vulnerability impacts MinIO deployments across Docker, Apple, and Microsoft platforms, with no patch currently available.

Information Disclosure Docker Apple +2
NVD GitHub VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrary files anywhere on the host system, leading to remote code execution. The vulnerability affects Langflow version 1.7.3 and earlier, where the multipart upload filename bypasses security checks due to missing boundary containment in the LocalStorageService layer. A proof-of-concept exploit is publicly available demonstrating successful arbitrary file write outside the intended user directory.

RCE Python Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Salvo web framework's form data parsing functions fail to enforce payload size limits before loading request bodies into memory, allowing attackers to trigger Out-of-Memory crashes by sending extremely large form payloads. This affects the Rust package salvo (pkg:rust/salvo) through multiple attack vectors including URL-encoded and multipart form data handling. A proof-of-concept demonstrates successful denial-of-service against containerized deployments with limited memory, and the vulnerability is publicly documented in GitHub security advisories GHSA-pp9r-xg4c-8j4x.

Denial Of Service File Upload Docker
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The NLTK (Natural Language Toolkit) WordNet Browser HTTP server contains an unauthenticated shutdown vulnerability that allows any remote attacker to terminate the service with a single GET request to the '/SHUTDOWN THE SERVER' endpoint. This affects users running nltk.app.wordnet_app in its default mode, where the server binds to all network interfaces without authentication. A proof-of-concept exploit is publicly available demonstrating the denial-of-service attack, though EPSS and KEV data are not yet available for this recent CVE.

CSRF Denial Of Service Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability exists in NLTK's WordNet Browser application (nltk.app.wordnet_app) in the lookup_... route, where attacker-controlled word parameters are reflected into HTML responses without proper escaping. This vulnerability affects users running the local WordNet Browser server and allows attackers to inject and execute arbitrary JavaScript in the browser context of the affected application. A proof-of-concept exploit has been publicly demonstrated, and a vendor patch is available.

XSS Docker Python +2
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Budibase, a low-code platform distributed as a Docker/Kubernetes application, contains a Server-Side Request Forgery (SSRF) vulnerability in its REST datasource query preview endpoint. Authenticated admin users can force the server to make HTTP requests to arbitrary URLs including cloud metadata services, internal networks, and Kubernetes APIs. A detailed proof-of-concept exists demonstrating theft of GCP OAuth2 tokens with cloud-platform scope, CouchDB credential extraction, and internal service enumeration. The CVSS score of 8.7 reflects high confidentiality and integrity impact with changed scope, requiring high privileges but low attack complexity.

Microsoft Redis Google +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The SiYuan kernel, a Go-based note-taking application, contains an authentication bypass vulnerability in its WebSocket server that allows unauthenticated attackers to crash the kernel process through malformed JSON messages. SiYuan kernel versions exposed via Docker or network-accessible deployments are affected, with the issue stemming from unsafe type assertions on attacker-controlled input after bypassing authentication via a specific query parameter pattern. A proof-of-concept demonstrating the attack exists in the GitHub advisory, and while CVSS rates this as 7.5 High severity for availability impact, real-world exploitation risk depends heavily on network exposure beyond localhost.

Authentication Bypass Docker Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Docker's IsSensitivePath() function uses an incomplete denylist that fails to restrict access to sensitive directories including /opt, /usr, /home, /mnt, and /media, allowing authenticated users with high privileges to read arbitrary files outside the intended workspace through the globalCopyFiles and importStdMd endpoints. An attacker with administrative credentials could exploit this path traversal vulnerability to access sensitive configuration files and data from other users or mounted volumes. No patch is currently available for this medium-severity issue.

Path Traversal Docker Suse
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The OneUptime monitoring platform (specifically version 10.0.23 and likely earlier versions) contains an authentication bypass vulnerability in its WhatsApp webhook handler that fails to verify the X-Hub-Signature-256 HMAC signature required by Meta/WhatsApp. Any unauthenticated remote attacker can send forged webhook payloads to manipulate notification delivery status records, suppress critical alerts, and corrupt audit trails. A working proof-of-concept exploit has been published demonstrating successful injection of arbitrary webhook events via simple HTTP POST requests with no authentication required.

Docker Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Heimdall, an authorization decision API for Envoy proxy, contains a path traversal bypass vulnerability when used in gRPC decision API mode. Attackers can bypass non-wildcard path expression rules by appending query parameters to URLs, which causes incorrect URL encoding that prevents rule matching. A proof-of-concept is publicly available demonstrating the bypass, though exploitation requires heimdall to be configured with an insecure 'allow all' default rule (which is blocked by secure defaults since v0.16.0 unless explicitly disabled).

Docker Authentication Bypass Suse
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The @aborruso/ckan-mcp-server MCP server contains a Server-Side Request Forgery (SSRF) vulnerability in its ckan_package_search, sparql_query, and ckan_datastore_search_sql tools, which accept an arbitrary base_url parameter without validation, allowing attackers to scan internal networks, exfiltrate cloud metadata credentials (including IAM tokens from 169.254.169.254), and potentially execute injection attacks. The vulnerability affects the npm package @aborruso/ckan-mcp-server (pkg:npm/@aborruso/ckan-mcp-server) and requires prompt injection to exploit, making attack complexity high; a proof-of-concept exists demonstrating 9 unthrottled HTTP requests to a canary endpoint, and patch availability exists from the vendor.

Docker SSRF
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

An authorization bypass vulnerability in SiYuan Note v3.6.0 and earlier allows any authenticated user, including those with read-only 'Reader' role privileges, to execute arbitrary SQL commands through the /api/search/fullTextSearchBlock endpoint when the method parameter is set to 2. This enables attackers to read, modify, or delete all data in the application's SQLite database, completely bypassing the application's role-based access controls. A detailed proof-of-concept demonstrates how Reader-role users can execute destructive SQL operations including dropping tables.

SQLi Docker Suse
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Unauthenticated attackers can register administrator accounts in Docker when self-registration is enabled and default user permissions include admin privileges, as the signup handler fails to strip admin permissions from self-registered accounts. Public exploit code exists for this vulnerability. No patch is currently available.

Privilege Escalation Docker Suse
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Docker TUS resumable upload handler allows authenticated users to trigger arbitrary `after_upload` hooks unlimited times by supplying a negative value in the Upload-Length header, causing command execution with zero bytes actually uploaded. The integer overflow flaw in the completion logic (CWE-190) bypasses file upload requirements and enables privilege escalation through hook execution. No patch is currently available.

Integer Overflow Command Injection Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

SiYuan's mobile file tree fails to sanitize notebook names in WebSocket rename events, allowing authenticated users to inject arbitrary HTML and JavaScript that executes in other clients' browsers. When combined with Electron's insecure configuration (nodeIntegration enabled, contextIsolation disabled), this stored XSS escalates to remote code execution with full Node.js privileges on affected desktop and mobile clients. The vulnerability affects users with notebook rename permissions across Docker, Node.js, Python, and Apple platforms.

Docker RCE XSS +6
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

SiYuan Note contains an unrestricted path traversal vulnerability in the POST /api/import/importStdMd endpoint that allows authenticated administrators to recursively import arbitrary files from the host filesystem into the workspace database without any validation or blocklisting. Affected versions of SiYuan (pkg:go/github.com_siyuan-note_siyuan) allow admin users to permanently store sensitive files such as /proc/, /etc/, /run/secrets/, and other system directories as searchable note content, making them accessible to other workspace users including those with limited privileges. A proof-of-concept has been published demonstrating import of /proc/1/ and /run/secrets/, and when chained with separate SQL injection vulnerabilities in the renderSprig template function, non-admin users can retrieve imported secrets without additional privileges.

Path Traversal SQLi Docker +1
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Path traversal in Python and Docker import endpoints allows authenticated administrators to write files to arbitrary filesystem locations by injecting directory traversal sequences in multipart upload filenames, potentially enabling remote code execution through placement of malicious files in executable paths. The vulnerability affects the POST /api/import/importSY and POST /api/import/importZipMd endpoints which fail to sanitize user-supplied filenames before constructing file write paths. No patch is currently available.

Python Docker Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Administrative users of Docker and PostgreSQL deployments can exploit an incomplete path validation in the `POST /api/file/globalCopyFiles` endpoint to copy sensitive files like container environment variables and Docker secrets from restricted locations (`/proc/`, `/run/secrets/`) into the workspace, where they become readable via standard file APIs. The vulnerability stems from reliance on a blocklist-based validation mechanism that fails to prevent access to these critical system paths. Since no patch is currently available, organizations should restrict administrative access to the affected API endpoint until an update is released.

Docker PostgreSQL Path Traversal +1
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A critical CORS misconfiguration in the Glances system monitoring tool's REST API allows any website to steal sensitive system information from users who visit a malicious page while having access to a Glances instance. The vulnerability affects all versions prior to 4.5.2 and enables cross-origin theft of system stats, configuration secrets, database passwords, API keys, and command-line arguments. A proof-of-concept is publicly available, though no active exploitation has been reported yet.

Python Information Disclosure Docker +2
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Glances monitoring system allows local attackers with limited privileges to execute arbitrary commands by injecting shell metacharacters into process or container names, which bypass command sanitization in the action execution handler. The vulnerability affects the threshold alert system that dynamically executes administrator-configured shell commands populated with runtime monitoring data. An attacker controlling a process name or container name can manipulate command parsing to break out of intended command boundaries and inject malicious commands.

Privilege Escalation Nginx Python +3
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Glances web server exposes its REST API without authentication by default when started with the -w flag, allowing unauthenticated remote attackers to access sensitive system information including process details that may contain credentials such as passwords and API keys. The vulnerability affects Python and Docker deployments where Glances is exposed to untrusted networks due to the server binding to 0.0.0.0 with authentication disabled by default. A patch is available to address this configuration vulnerability.

Python Docker Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

A critical authentication bypass vulnerability in authlib's JWT signature verification allows attackers to forge arbitrary tokens by injecting their own cryptographic keys through the JWT header. The flaw affects all versions of authlib prior to 1.6.9 when applications use key resolution callbacks that can return None (common in JWKS-based authentication flows). A working proof-of-concept exists demonstrating complete authentication bypass, enabling attackers to impersonate any user or assume administrative privileges without valid credentials.

Docker Python Deserialization +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A arbitrary file access vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Docker
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

CVE-2026-32704 is a security vulnerability (CVSS 6.5). Risk factors: public PoC available.

Authentication Bypass Docker Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OneUptime versions prior to 10.0.24 contain a sensitive information exposure vulnerability where the password reset flow logs complete password reset URLs containing plaintext reset tokens at the INFO log level, which is enabled by default in production environments. Any actor with access to application logs-including log aggregation systems, Docker logs, or Kubernetes pod logs-can extract these tokens and perform account takeover on any user. The vulnerability is fixed in version 10.0.24.

Kubernetes Docker Information Disclosure +1
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Path traversal via dagRunId in DAG execution endpoints.

Python Authentication Bypass Denial Of Service +3
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Medium severity vulnerability in ImageMagick. # Specially crafted SVG file make segmentation fault and generate trash files in "/tmp", possible to leverage DoS.

Denial Of Service PHP Debian +3
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

Default credentials in netbox-docker before 2.5.0.

Docker Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.7
HIGH This Week

Server-side request forgery in LinkAce allows authenticated users to make arbitrary HTTP requests to internal network addresses and cloud metadata endpoints by providing malicious URLs during link creation, bypassing validation controls that exist elsewhere in the application. An attacker with valid credentials can exploit this to access Docker service hostnames, internal services, and sensitive metadata endpoints. No patch is currently available for this vulnerability affecting PHP-based LinkAce deployments.

PHP Docker SSRF +1
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM POC PATCH This Month

WeKnora's document import feature is vulnerable to Server-Side Request Forgery through HTTP redirects, allowing unauthenticated remote attackers to bypass URL validation controls and access internal services despite backend protections against private IPs and metadata endpoints. The vulnerability affects WeKnora versions prior to 0.2.12 when deployed in Docker environments, where host.docker.internal addresses are not blocked. Public exploit code exists and no patch is currently available.

Docker SSRF AI / ML +2
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Memcached session storage exposure in AVideo prior to version 24.0 allows unauthenticated remote attackers to read, modify, or delete user sessions by accessing the publicly exposed memcached service on port 11211. An attacker with network access to this port can hijack admin accounts, impersonate users, or destroy all active sessions without any authentication. This affects the official Docker deployment configuration for PHP, Docker, and AVideo products.

PHP Docker Authentication Bypass +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw versions up to 2026.2.15 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5).

Docker Information Disclosure Openclaw
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.

Docker Command Line Interface Microsoft +1
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Path traversal in Kaniko 1.25.4 through 1.25.9 allows attackers to extract tar archives outside the intended destination directory, enabling arbitrary file writes on the build system. When combined with Docker credential helpers in registry authentication scenarios, this vulnerability can be leveraged for code execution within the Kaniko executor process. Docker and Kubernetes environments using the affected Kaniko versions are at risk.

Docker Kubernetes Kaniko +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

and deploy AI models using Docker. versions up to 1.0.16 contains a security vulnerability (CVSS 7.5).

Docker AI / ML
NVD GitHub
EPSS 0%
This Week

Canarytokens help track activity and actions on a network. Versions prior to `sha-7ff0e12` have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with.

Docker XSS
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Path traversal in Beszel hub's container API endpoints allows authenticated users, including those with read-only roles, to bypass validation and access arbitrary Docker Engine API endpoints on agent hosts through improper URL path construction. This exposure of sensitive infrastructure details affects Beszel versions prior to 0.18.4 and Docker integrations, with public exploit code already available. The vulnerability requires valid authentication but no special privileges, making it exploitable by low-privileged users in multi-tenant environments.

Docker Beszel Suse
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in WireGuard Portal prior to version 2.1.3 allows authenticated non-admin users to gain full administrator access by modifying their own user profile with an IsAdmin flag set to true. The vulnerability exists because the server fails to properly validate and restrict the IsAdmin field during profile updates, allowing the privilege change to persist after re-authentication. Affected deployments require immediate patching to version 2.1.3 or later to prevent unauthorized administrative access.

Docker Wireguard Wireguard Portal +1
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL Act Now

OS command injection in bleon-ethical/api-gateway-deploy npm package version 1.0.0. Attack chain enables remote code execution through crafted API gateway deployment configuration.

Docker Privilege Escalation Command Injection +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation via out-of-bounds memory read in Docker Desktop's grpcfuse kernel module (versions up to 4.61.0) on Linux, Windows, and macOS allows authenticated local attackers to achieve complete system compromise through manipulation of /proc/docker entries. The vulnerability requires local access and valid user credentials but enables reading and modifying arbitrary kernel memory with high impact on confidentiality, integrity, and availability. Docker Desktop 4.62.0 and later resolve this issue.

Linux Windows macOS +2
NVD
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

BigBlueButton versions 3.0.21 and below allow remote denial of service when ClamAV is configured following official documentation, as the exposed clamd ports (3310, 7357) can be targeted by attackers to send malicious documents that exhaust server resources or crash the scanning service. This vulnerability affects Ubuntu and Docker deployments since standard firewall rules do not restrict container traffic, and public exploit code exists. An unauthenticated remote attacker requires only network access to trigger the denial of service condition.

Ubuntu Docker Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Arbitrary host file exfiltration from Cloud Hypervisor VMM versions 34.0-50.0. CVSS 10.0. Patch available.

KVM Linux Information Disclosure +4
NVD GitHub
EPSS 0% CVSS 3.3
LOW PATCH Monitor

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. [CVSS 3.3 LOW]

Docker
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Configuration injection in OpenClaw Docker sandbox before 2026.2.15 allows escaping sandbox restrictions. Patch available.

.NET Docker DNS +2
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Trivy Action versions 0.31.0 through 0.33.1 allow remote code execution on GitHub Actions runners due to insufficient input sanitization when constructing shell environment variable exports. An attacker with repository access can inject shell metacharacters through action inputs to achieve arbitrary command execution in the runner context. The vulnerability requires high privileges to exploit and is addressed in version 0.34.0.

Docker Github Command Injection +1
NVD GitHub
EPSS 0% CVSS 3.8
LOW Monitor

A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. [CVSS 3.8 LOW]

Docker
NVD
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Arbitrary local file disclosure in Crawl4AI's Docker API (versions before 0.8.0) lets unauthenticated remote attackers read any file on the server by supplying file:// URLs to the /execute_js, /screenshot, /pdf, and /html endpoints. Because the API validates no scheme, an attacker can exfiltrate /etc/passwd, /etc/shadow, application config, and process environment via /proc/self/environ - directly exposing credentials and API keys. Publicly documented in GitHub advisory GHSA-vx9w-5cx4-9796 with a working request example; no public exploit identified as active exploitation, and EPSS is low (0.06%, 19th percentile).

Docker Crawl4ai Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Remote code execution in Crawl4AI Docker API before 0.8.0 via hooks parameter. The /crawl endpoint accepts Python code in hooks that executes on the server. EPSS 0.28%.

Python Docker RCE +3
NVD GitHub VulDB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.

Privilege Escalation Code Injection RCE +4
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Improper policy enforcement in OpenFGA versions 1.8.5 through 1.11.2 (and corresponding Helm Chart and Docker releases) allows authenticated users to bypass authorization checks through specially crafted tuple configurations that mix type-bound public and non-public access policies. An attacker with valid credentials can exploit mismatched tuple assignments to gain unauthorized access to protected resources by leveraging lexicographic object ID ordering in the authorization engine. No patch is currently available.

Docker Openfga Helm Charts +2
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. [CVSS 6.7 MEDIUM]

Windows Docker Race Condition +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Command injection in OpenClaw's Docker sandbox execution allows authenticated users to manipulate the PATH environment variable and execute arbitrary commands within containers prior to version 2026.1.29. An attacker with valid credentials and ability to control environment variables could achieve code execution within the containerized AI assistant. A patch is available in version 2026.1.29 and later.

Docker Command Injection AI / ML +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary Python code execution in Backstage's @backstage/plugin-techdocs-node (versions < 1.13.11 and = 1.14.0) lets a contributor who can add or edit a repository's mkdocs.yml inject a malicious MkDocs `hooks` directive that runs on the TechDocs build server whenever TechDocs is configured with `runIn: local`. The flaw also affects documentation built in CI/CD via @techdocs/cli, which bundles the same package. EPSS is very low (0.02%, 6th percentile) and there is no public exploit identified at time of analysis, but the CVSS of 8.8 reflects full host compromise of the build environment.

Python Node.js Docker +3
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Backstage TechDocs plugin versions prior to 1.13.11 and 1.14.1 contain a path traversal vulnerability that allows authenticated attackers to read arbitrary files from the host filesystem when the local generator is enabled. The vulnerability stems from insufficient symlink validation during the documentation build process, enabling attackers to embed sensitive file contents into generated HTML accessible to documentation viewers. Organizations using `techdocs.generator.runIn: local` with untrusted documentation sources are at risk until patching to the fixed versions.

Node.js Docker Path Traversal +2
NVD GitHub
EPSS 0%
This Week

A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path).

Docker Command Injection
NVD GitHub
EPSS 0% CVSS 7.6
HIGH POC This Week

Runtipi versions 4.5.0 through 4.7.1 contain an unauthenticated path traversal vulnerability in the UserConfigController that allows remote attackers to overwrite the docker-compose.yml configuration file through insecure URN parsing. An attacker can inject a malicious stack configuration that executes arbitrary code when the instance restarts, achieving full remote code execution and host compromise. Public exploit code exists and no patch is currently available.

Docker RCE Path Traversal +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. [CVSS 6.5 MEDIUM]

Docker Malcontent Suse
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

Dokploy self-hosted PaaS prior to 0.26.6 has a critical command injection vulnerability (CVSS 9.9) allowing authenticated users to execute arbitrary OS commands on the host.

Docker Command Injection Dokploy
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

Critical access control flaw in Dozzle Docker log viewer allows users restricted by label filters to escape their scope and obtain an interactive root shell on out-of-scope containers. PoC available, patch in v9.0.3.

Docker Dozzle Suse
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

BentoML versions prior to 1.4.34 allow path traversal attacks through improperly validated file path fields in bentofile.yaml configurations, enabling attackers to embed arbitrary files from the victim's system into bento archives during the build process. This vulnerability can be exploited to exfiltrate sensitive data such as credentials, SSH keys, and environment variables into supply chain artifacts that may be pushed to registries or deployed in production environments. A patch is available in version 1.4.34.

Python Docker Path Traversal +2
NVD GitHub
EPSS 0% CVSS 8.0
HIGH POC PATCH This Week

Runtipi versions 3.7.0 through 4.6.x suffer from arbitrary command execution when authenticated users upload backups with malicious filenames containing shell metacharacters, which the BackupManager fails to sanitize before executing restore operations. An attacker with valid credentials can craft a backup filename like $(id).tar.gz to achieve remote code execution on the host server with the privileges of the Runtipi process. Public exploit code exists for this vulnerability, and patches are available in version 4.7.0 and later.

Docker Runtipi
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Arcane Docker management interface prior to 1.13.2 has missing authentication, allowing unauthenticated attackers to manage Docker containers, images, and networks on the host.

Docker Arcane
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Tugtainer versions before 1.16.1 transmit authentication credentials through URL query parameters rather than request bodies, causing passwords to be exposed in server logs, browser history, and proxy logs. This exposure allows attackers with access to these logs or cached data to obtain valid credentials for the Docker container management system. Public exploit code exists for this vulnerability, and a patch is available in version 1.16.1.

Docker Tugtainer
NVD GitHub
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Authenticated users can exploit string formatting and exception handling in n8n's Python task executor to escape sandbox restrictions and execute arbitrary code on the underlying operating system, with full instance takeover possible in Internal execution mode. Public exploit code exists for this vulnerability, which affects n8n deployments running under Internal execution mode where the Python executor has direct OS access. External execution mode deployments using Docker sidecars have reduced impact as code execution is confined to the container rather than the main node.

Python Docker AI / ML +1
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL POC PATCH Act Now

Arcane Docker management tool before 1.13.0 has command injection in lifecycle labels. Container labels are passed to /bin/sh -c without sanitization, enabling RCE. PoC available.

Docker Command Injection Arcane +1
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can...

Docker RCE
NVD
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests to internal networks. By configuring agents with malicious OpenAPI specifications, attackers can scan internal infrastructure and access internal services. PoC available, patch available.

Docker SSRF AI / ML +1
NVD GitHub
EPSS 0% CVSS 7.9
HIGH PATCH This Week

Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. [CVSS 7.9 HIGH]

Docker Kubernetes AWS +4
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL POC PATCH Act Now

Coolify before 4.0.0-beta.445 allows command injection through docker-compose.yaml parameters. If a victim creates an application from an attacker-controlled repository using the Docker Compose build pack, the attacker achieves root code execution on the Coolify instance. PoC available, patch available.

Docker Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution (RCE)*vulnerability exists in Coolify's application deployment workflow. [CVSS 8.8 HIGH]

Docker RCE Coolify
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

An authenticated command injection vulnerability in Coolify's PostgreSQL initialization script handling allows attackers with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and enables full remote code execution through unsanitized PostgreSQL init script filenames passed to shell commands. A public proof-of-concept exploit is available, and while not currently in CISA KEV, the vulnerability has a moderate EPSS score of 0.41% indicating some exploitation probability.

Command Injection PostgreSQL RCE +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

A command injection vulnerability in Coolify's Database Import functionality allows authenticated users with application/service management permissions to execute arbitrary system commands as root on managed servers. The vulnerability stems from unsanitized database names being passed directly to shell commands, enabling full remote code execution. A public proof-of-concept exploit is available, and with an EPSS score of 0.41% (61st percentile), this represents a moderate real-world exploitation risk for organizations using vulnerable Coolify versions.

Command Injection RCE Docker +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 allow anyone who can reach the database port to authenticate with full read/write access to the backend datastore. Publicly available exploit code exists, though EPSS remains low (0.81%) and the vendor states the database port is not network-exposed by default in 1.0.1 and later, limiting realistic reach. There is no public exploit identified as actively used in the wild (not in CISA KEV).

Authentication Bypass PostgreSQL Docker +1
NVD GitHub
EPSS 0% CVSS 2.9
LOW Monitor

MartialBE one-hub up to version 0.14.27 uses a hard-coded cryptographic key in the SESSION_SECRET environment variable of its default docker-compose.yml configuration, allowing remote attackers to potentially decrypt or forge session tokens with high attack complexity. The vulnerability requires non-standard deployment configurations and affects confidentiality rather than integrity or availability. Exploit code has been disclosed publicly, though active exploitation remains unconfirmed by CISA, and the vendor explicitly recommends against using the default Docker Compose example in production environments.

Docker Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

A security vulnerability in cpp-httplib (CVSS 5.3) that allows attacker-controlled http headers. Risk factors: public PoC available. Vendor patch is available.

Docker Information Disclosure Ubuntu +3
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT that are parsed into the request header multimap via read_headers() in httplib.h (headers.emplace), then the server later appends its own internal metadata using the same header names in Server::process_request without erasing duplicates. Because Request::get_header_value returns the first entry for a header key (id == 0) and the client-supplied headers are parsed before server-inserted headers, downstream code that uses these header names may inadvertently use attacker-controlled values. Affected files/locations: cpp-httplib/httplib.h (read_headers, Server::process_request, Request::get_header_value, get_header_value_u64) and cpp-httplib/docker/main.cc (get_client_ip, nginx_access_logger, nginx_error_logger). Attack surface: attacker-controlled HTTP headers in incoming requests flow into the Request.headers multimap and into logging code that reads forwarded headers, enabling IP spoofing, log poisoning, and authorization bypass via header shadowing. This vulnerability is fixed in 0.27.0.

Authentication Bypass Docker Ubuntu +3
NVD GitHub
EPSS 0% CVSS 2.9
LOW Monitor

A security vulnerability in opsre go-ldap-admin (CVSS 5.6). Remediation should follow standard vulnerability management procedures.

Docker Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, causing the root-running ABRT process to execute attacker-controlled commands and ultimately gain full root privileges.

Docker Command Injection Red Hat +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH This Month

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Fluent Bit +1
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Google Authentication Bypass +3
NVD GitHub
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache +7
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Oracle Apache +6
NVD
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Docker Information Disclosure Runc +2
NVD GitHub
EPSS 0% CVSS 1.1
LOW POC Monitor

Symlink following in DesktopCommanderMCP up to version 0.2.13 allows local authenticated attackers to read files outside intended directory boundaries through the isPathAllowed function in filesystem.ts. The vulnerability requires local access and authenticated user privileges, with high attack complexity and low exploitability difficulty despite public availability of proof-of-concept code. This affects only unsupported product versions and carries minimal real-world risk (CVSS 1.1, EPSS 0.02%), though the vendor acknowledges the issue as a guardrail limitation rather than a hardened security boundary.

Docker Information Disclosure Desktopcommandermcp
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Docker default credentials in Termix server management. PoC and patch available.

Nginx Docker Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Virtual Appliance Application +1
NVD
Prev Page 5 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy