Skip to main content

Docker

818 CVEs product

Monthly

CVE-2025-52881 Go HIGH POC PATCH This Week

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Docker Information Disclosure Runc Red Hat Suse
NVD GitHub
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-11489 LOW POC Monitor

Symlink following in DesktopCommanderMCP up to version 0.2.13 allows local authenticated attackers to read files outside intended directory boundaries through the isPathAllowed function in filesystem.ts. The vulnerability requires local access and authenticated user privileges, with high attack complexity and low exploitability difficulty despite public availability of proof-of-concept code. This affects only unsupported product versions and carries minimal real-world risk (CVSS 1.1, EPSS 0.02%), though the vendor acknowledges the issue as a guardrail limitation rather than a hardened security boundary.

Docker Information Disclosure Desktopcommandermcp
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.0%
CVE-2025-59951 CRITICAL POC PATCH Act Now

Docker default credentials in Termix server management. PoC and patch available.

Nginx Docker Authentication Bypass Termix
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-34234 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.2
EPSS
0.0%
CVE-2025-34222 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes -. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker HP PHP Virtual Appliance Application +1
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-34221 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker RCE Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
10.0
EPSS
1.7%
CVE-2025-34218 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Privilege Escalation Information Disclosure Virtual Appliance Application +1
NVD
CVSS 4.0
10.0
EPSS
0.7%
CVE-2025-34215 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow:. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker RCE Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.4
EPSS
0.5%
CVE-2025-34209 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-34207 HIGH This Month

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Docker Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
7.9
EPSS
0.1%
CVE-2025-10657 HIGH This Month

In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Docker Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-34206 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-34205 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker PHP Deserialization RCE Virtual Appliance Application +1
NVD
CVSS 4.0
9.3
EPSS
4.3%
CVE-2025-34204 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker PHP Privilege Escalation Node.js Virtual Appliance Application +1
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-34203 CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Docker PHP Nginx OpenSSL +4
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-34202 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE Redis Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.7
EPSS
0.4%
CVE-2025-34201 HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) run many Docker containers on shared internal networks without firewalling or segmentation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Redis Virtual Appliance Application Virtual Appliance Host
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-58766 CRITICAL This Week

Dyad is a local AI app builder. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker RCE Code Injection
NVD GitHub
CVSS 3.1
9.0
EPSS
0.0%
CVE-2025-55473 MEDIUM This Month

Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker PHP XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-34159 CRITICAL POC Act Now

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE Coolify
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.5%
CVE-2025-57802 HIGH This Month

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-9074 CRITICAL POC Act Now

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Microsoft Information Disclosure Windows
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
0.9%
CVE-2025-57734 MEDIUM Monitor

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-55740 Go MEDIUM PATCH This Month

nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Docker Nginx
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55213 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Google Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-40767 HIGH This Week

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated high severity (CVSS 8.8). No vendor patch available.

Docker Privilege Escalation Sinec Traffic Analyzer
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-40766 MEDIUM This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Docker Sinec Traffic Analyzer
NVD
CVSS 4.0
6.8
EPSS
0.0%
CVE-2025-6392 MEDIUM This Month

Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

Information Disclosure Docker Brocade Sannav
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-53632 Go CRITICAL PATCH Act Now

CVE-2025-53632 is a path traversal vulnerability (zip slip) in Chall-Manager v0.1.3 and earlier that allows unauthenticated attackers to write arbitrary files to the system when processing scenario zip archives. The vulnerability has a CVSS 9.1 severity score due to high integrity and availability impact, though real-world exploitation risk is partially mitigated by deployment recommendations to isolate Chall-Manager within internal infrastructure. A patch is available in v0.1.4 via commit 47d188f.

Path Traversal Docker Chall Manager Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-53372 npm HIGH PATCH This Week

node-code-sandbox-mcp is a Node.js-based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges on the host machine, bypassing the sandbox protection of running code inside docker. This vulnerability is fixed in 1.3.0.

RCE Node.js Command Injection Docker
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-53376 HIGH PATCH This Week

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the attacker-supplied appName value into a Docker CLI call without sanitisation, enabling command injection under the Dokploy service account. This vulnerability is fixed in 0.23.7.

Command Injection Docker Dokploy
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-6587 MEDIUM PATCH This Month

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.

Authentication Bypass Docker
NVD VulDB
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-6624 LIB LOW PATCH Monitor

Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or DEBUG/TRACE mode. The issue affects the following Snyk commands: 1. When snyk container test or snyk container monitor commands are run against a container registry, with debug mode enabled, the container registry credentials may be written into the local Snyk CLI debug log. This only happens with credentials specified in environment variables (SNYK_REGISTRY_USERNAME and SNYK_REGISTRY_PASSWORD), or in the CLI (--password/-p and --username/-u). 2. When snyk auth command is executed with debug mode enabled AND the log level is set to TRACE, the Snyk access / refresh credential tokens used to connect the CLI to Snyk may be written into the local CLI debug logs. 3. When snyk iac test is executed with a Remote IAC Custom rules bundle, debug mode enabled, AND the log level is set to TRACE, the docker registry token may be written into the local CLI debug logs.

Information Disclosure Docker
NVD GitHub
CVSS 4.0
1.2
EPSS
0.0%
CVE-2025-49593 MEDIUM PATCH This Month

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a malicious container registry, or an existing container registry can be taken over, HTTP Headers (including registry authentication credentials or Portainer session tokens) may be leaked to that registry. This issue has been patched in STS version 2.31.0 and LTS version 2.27.7.

Information Disclosure Kubernetes Docker
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-49842 LOW PATCH Monitor

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24.

Privilege Escalation Docker
NVD GitHub
CVSS 4.0
1.0
EPSS
0.0%
CVE-2025-1411 HIGH This Week

IBM Security Verify Directory Container versions 10.0.0.0 through 10.0.3.1 contain a privilege escalation vulnerability allowing local users to execute arbitrary commands as root. The vulnerability stems from the application running with unnecessary elevated privileges, enabling authenticated local attackers to escalate permissions without user interaction. This is a high-severity local privilege escalation affecting containerized deployments of IBM's identity and access management solution.

Privilege Escalation IBM Docker Security Verify Directory
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0163 MEDIUM This Month

CVE-2025-0163 is a security vulnerability (CVSS 5.3) that allows a remote attacker. Remediation should follow standard vulnerability management procedures.

Docker Information Disclosure IBM Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5151 MEDIUM POC Monitor

A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docker Introspect
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-48371 Go MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Docker Helm Charts Openfga Suse
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2025-22248 CRITICAL This Week

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Kubernetes Docker Bitnami +1
NVD GitHub
CVSS 4.0
9.4
EPSS
0.3%
CVE-2025-46331 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.3%
CVE-2025-4095 MEDIUM This Month

Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Docker macOS
NVD
CVSS 4.0
4.3
EPSS
0.1%
CVE-2025-3911 MEDIUM This Month

Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords,. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-3224 HIGH This Week

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. Rated high severity (CVSS 7.3). No vendor patch available.

Microsoft Docker Privilege Escalation Desktop Windows
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-32955 MEDIUM This Month

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Red Hat
NVD GitHub
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-22036 Go CRITICAL PATCH Act Now

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Privilege Escalation Suse
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-32021 PyPI LOW POC PATCH Monitor

Weblate is a web based localization tool. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Docker Weblate
NVD GitHub
CVSS 3.1
2.2
EPSS
0.3%
CVE-2025-30206 Go CRITICAL PATCH Act Now

Dpanel is a Docker visualization panel system which provides complete Docker management functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Privilege Escalation Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-32755 CRITICAL Act Now

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Jenkins Debian Ssh Slave
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-32754 CRITICAL Act Now

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Jenkins Debian Ssh Agent
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-32111 HIGH This Week

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Docker
NVD GitHub
CVSS 3.1
8.7
EPSS
0.2%
CVE-2025-2842 Go MEDIUM PATCH This Month

Tempo Operator incorrectly grants cluster-monitoring-view ClusterRole permissions to Tempo service accounts when Jaeger UI Monitor Tab is enabled, allowing authenticated users with TempoStack creation and Secret read permissions in a namespace to extract the service account token and gain unauthorized access to all cluster metrics. The vulnerability affects Grafana Tempo Operator and carries a CVSS score of 4.3 with low EPSS exploitation probability (0.21%, 44th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Grafana Kubernetes Docker Privilege Escalation Information Disclosure
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-2786 Go MEDIUM PATCH This Month

Tempo Operator creates overly-permissive ServiceAccount, ClusterRole, and ClusterRoleBinding resources that allow authenticated namespace users to extract the ServiceAccount token and abuse TokenReview and SubjectAccessReview APIs to enumerate other users' RBAC permissions, facilitating reconnaissance for follow-up attacks. While not enabling privilege escalation or impersonation directly, this information disclosure (CWE-200) under low complexity attack conditions affects any organization running Grafana Tempo Operator in multi-tenant or untrusted Kubernetes environments where namespace isolation is relied upon for security boundaries. EPSS exploitation probability is 0.21% (low), no public exploit code has been identified, and upstream remediation via GitHub PR #1145 has been made available by the Grafana Tempo Operator project.

Kubernetes Information Disclosure Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-3048 PyPI MEDIUM PATCH This Month

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-3047 PyPI MEDIUM PATCH This Month

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-55964 CRITICAL POC THREAT Emergency

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 67.3% and no vendor patch available.

RCE PostgreSQL Code Injection Docker Appsmith
NVD GitHub
CVSS 3.1
9.8
EPSS
67.3%
Threat
5.5
CVE-2024-8060 PyPI HIGH PATCH This Week

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker RCE Path Traversal File Upload
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2024-7771 MEDIUM POC PATCH This Month

A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Denial Of Service Anythingllm
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2024-13060 MEDIUM POC PATCH This Month

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Docker Anythingllm Docker
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-0495 Go MEDIUM PATCH This Month

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Docker Suse
NVD GitHub
CVSS 4.0
4.1
EPSS
0.0%
CVE-2025-27615 HIGH This Week

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. [CVSS 8.2 HIGH]

Docker
NVD GitHub
CVSS 3.1
8.2
EPSS
0.3%
CVE-2025-27519 CRITICAL Act Now

Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker RCE Path Traversal
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2025-21834 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: seccomp: passthrough uretprobe systemcall without filtering When attaching uretprobes to processes running inside docker, the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Docker Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-1696 MEDIUM This Month

A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker
NVD
CVSS 4.0
5.2
EPSS
0.1%
CVE-2025-27650 CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Vasion Print Virtual Appliance
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-25196 Go MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker Helm Charts Openfga +1
NVD GitHub
CVSS 4.0
5.8
EPSS
0.3%
CVE-2024-2240 HIGH This Week

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Privilege Escalation Brocade Sannav
NVD
CVSS 4.0
8.6
EPSS
1.0%
CVE-2024-57782 MEDIUM PATCH This Month

An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2025-0113 MEDIUM This Month

A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Paloalto
NVD
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-25198 HIGH POC This Week

mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Docker Mailcow
NVD GitHub Exploit-DB
CVSS 3.1
7.1
EPSS
5.8%
CVE-2025-24882 Go MEDIUM PATCH This Month

regclient is a Docker and OCI Registry Client in Go. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Red Hat Suse
NVD GitHub
CVSS 3.1
5.2
EPSS
0.2%
CVE-2025-23211 CRITICAL POC PATCH Act Now

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Ssti Information Disclosure Recipes
NVD GitHub
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-10846 Go MEDIUM PATCH This Month

The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Docker Information Disclosure Suse
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-45647 MEDIUM This Month

IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Docker IBM Information Disclosure Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2024-56515 Go MEDIUM PATCH This Month

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Deserialization Matrix Media Repo Suse
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2024-41454 MEDIUM This Month

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE Docker
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-41453 MEDIUM Monitor

A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2024-56323 Go MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Authentication Bypass Helm Charts Openfga Suse
NVD GitHub
CVSS 4.0
5.8
EPSS
0.1%
CVE-2024-45497 HIGH This Week

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2024-35141 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-55603 MEDIUM POC PATCH This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Docker Kanboard
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-53844 MEDIUM This Month

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Docker
NVD GitHub
CVSS 3.1
6.3
EPSS
0.4%
CVE-2024-11075 HIGH This Week

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-41968 MEDIUM This Month

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-9348 HIGH This Week

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Docker
NVD
CVSS 4.0
8.9
EPSS
0.5%
CVE-2024-9676 MEDIUM This Month

A denial of service vulnerability in A vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Information Disclosure Linux Docker Path Traversal
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2024-41997 MEDIUM This Month

An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE Docker
NVD GitHub
CVSS 3.1
6.6
EPSS
1.2%
CVE-2024-47832 Go CRITICAL PATCH Act Now

ssoready is a single sign on provider implemented via docker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Jwt Attack Docker Ssoready
NVD GitHub
CVSS 4.0
9.3
EPSS
0.4%
CVE-2024-9407 Go MEDIUM PATCH This Month

CVE-2024-9407 is a security vulnerability (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure Docker
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-47182 Go HIGH PATCH This Week

Dozzle is a realtime log viewer for docker containers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Docker Dozzle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Docker Information Disclosure Runc +2
NVD GitHub
EPSS 0% CVSS 1.1
LOW POC Monitor

Symlink following in DesktopCommanderMCP up to version 0.2.13 allows local authenticated attackers to read files outside intended directory boundaries through the isPathAllowed function in filesystem.ts. The vulnerability requires local access and authenticated user privileges, with high attack complexity and low exploitability difficulty despite public availability of proof-of-concept code. This affects only unsupported product versions and carries minimal real-world risk (CVSS 1.1, EPSS 0.02%), though the vendor acknowledges the issue as a guardrail limitation rather than a hardened security boundary.

Docker Information Disclosure Desktopcommandermcp
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL POC PATCH Act Now

Docker default credentials in Termix server management. PoC and patch available.

Nginx Docker Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Virtual Appliance Application +1
NVD
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes -. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker HP +3
NVD
EPSS 2% CVSS 10.0
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker RCE +2
NVD
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Privilege Escalation +3
NVD
EPSS 1% CVSS 9.4
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow:. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker RCE +2
NVD
EPSS 0% CVSS 9.4
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Virtual Appliance Application +1
NVD
EPSS 0% CVSS 7.9
HIGH This Month

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Docker Virtual Appliance Application +1
NVD
EPSS 0% CVSS 8.7
HIGH This Month

In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Docker Privilege Escalation
NVD
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Virtual Appliance Application +1
NVD
EPSS 4% CVSS 9.3
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker PHP Deserialization +3
NVD
EPSS 0% CVSS 8.7
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker PHP Privilege Escalation +3
NVD
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Debian Docker PHP +6
NVD
EPSS 0% CVSS 8.7
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE Redis +2
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) run many Docker containers on shared internal networks without firewalling or segmentation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Docker Information Disclosure Redis +2
NVD
EPSS 0% CVSS 9.0
CRITICAL This Week

Dyad is a local AI app builder. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker RCE Code Injection
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker PHP XSS
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL POC Act Now

Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE Coolify
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Month

Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure
NVD GitHub
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Microsoft Information Disclosure +1
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM Monitor

In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Docker Nginx
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Docker Google +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated high severity (CVSS 8.8). No vendor patch available.

Docker Privilege Escalation Sinec Traffic Analyzer
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Docker Sinec Traffic Analyzer
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

Information Disclosure Docker Brocade Sannav
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

CVE-2025-53632 is a path traversal vulnerability (zip slip) in Chall-Manager v0.1.3 and earlier that allows unauthenticated attackers to write arbitrary files to the system when processing scenario zip archives. The vulnerability has a CVSS 9.1 severity score due to high integrity and availability impact, though real-world exploitation risk is partially mitigated by deployment recommendations to isolate Chall-Manager within internal infrastructure. A patch is available in v0.1.4 via commit 47d188f.

Path Traversal Docker Chall Manager +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

node-code-sandbox-mcp is a Node.js-based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges on the host machine, bypassing the sandbox protection of running code inside docker. This vulnerability is fixed in 1.3.0.

RCE Node.js Command Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Dokploy is a self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the attacker-supplied appName value into a Docker CLI call without sanitisation, enabling command injection under the Dokploy service account. This vulnerability is fixed in 0.23.7.

Command Injection Docker Dokploy
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc.  A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection.

Authentication Bypass Docker
NVD VulDB
EPSS 0% CVSS 1.2
LOW PATCH Monitor

Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or DEBUG/TRACE mode. The issue affects the following Snyk commands: 1. When snyk container test or snyk container monitor commands are run against a container registry, with debug mode enabled, the container registry credentials may be written into the local Snyk CLI debug log. This only happens with credentials specified in environment variables (SNYK_REGISTRY_USERNAME and SNYK_REGISTRY_PASSWORD), or in the CLI (--password/-p and --username/-u). 2. When snyk auth command is executed with debug mode enabled AND the log level is set to TRACE, the Snyk access / refresh credential tokens used to connect the CLI to Snyk may be written into the local CLI debug logs. 3. When snyk iac test is executed with a Remote IAC Custom rules bundle, debug mode enabled, AND the log level is set to TRACE, the docker registry token may be written into the local CLI debug logs.

Information Disclosure Docker
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a malicious container registry, or an existing container registry can be taken over, HTTP Headers (including registry authentication credentials or Portainer session tokens) may be leaked to that registry. This issue has been patched in STS version 2.31.0 and LTS version 2.27.7.

Information Disclosure Kubernetes Docker
NVD GitHub
EPSS 0% CVSS 1.0
LOW PATCH Monitor

conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privilege escalation and host compromise if a vulnerability is exploited. This issue has been patched in version 2025.3.24.

Privilege Escalation Docker
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Verify Directory Container versions 10.0.0.0 through 10.0.3.1 contain a privilege escalation vulnerability allowing local users to execute arbitrary commands as root. The vulnerability stems from the application running with unnecessary elevated privileges, enabling authenticated local attackers to escalate permissions without user interaction. This is a high-severity local privilege escalation affecting containerized deployments of IBM's identity and access management solution.

Privilege Escalation IBM Docker +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

CVE-2025-0163 is a security vulnerability (CVSS 5.3) that allows a remote attacker. Remediation should follow standard vulnerability management procedures.

Docker Information Disclosure IBM +2
NVD
EPSS 0% CVSS 4.8
MEDIUM POC Monitor

A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docker Introspect
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Docker Helm Charts +2
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL This Week

The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the. Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Kubernetes +3
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker +3
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Docker +1
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords,. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. Rated high severity (CVSS 7.3). No vendor patch available.

Microsoft Docker Privilege Escalation +2
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Red Hat
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Privilege Escalation Suse
NVD GitHub
EPSS 0% CVSS 2.2
LOW POC PATCH Monitor

Weblate is a web based localization tool. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Docker +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Dpanel is a Docker visualization panel system which provides complete Docker management functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

In jenkins/ssh-slave Docker images based on Debian, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Jenkins +2
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Jenkins +2
NVD
EPSS 0% CVSS 8.7
HIGH This Week

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Docker
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Tempo Operator incorrectly grants cluster-monitoring-view ClusterRole permissions to Tempo service accounts when Jaeger UI Monitor Tab is enabled, allowing authenticated users with TempoStack creation and Secret read permissions in a namespace to extract the service account token and gain unauthorized access to all cluster metrics. The vulnerability affects Grafana Tempo Operator and carries a CVSS score of 4.3 with low EPSS exploitation probability (0.21%, 44th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Grafana Kubernetes Docker +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Tempo Operator creates overly-permissive ServiceAccount, ClusterRole, and ClusterRoleBinding resources that allow authenticated namespace users to extract the ServiceAccount token and abuse TokenReview and SubjectAccessReview APIs to enumerate other users' RBAC permissions, facilitating reconnaissance for follow-up attacks. While not enabling privilege escalation or impersonation directly, this information disclosure (CWE-200) under low complexity attack conditions affects any organization running Grafana Tempo Operator in multi-tenant or untrusted Kubernetes environments where namespace isolation is relied upon for security boundaries. EPSS exploitation probability is 0.21% (low), no public exploit code has been identified, and upstream remediation via GitHub PR #1145 has been made available by the Grafana Tempo Operator project.

Kubernetes Information Disclosure Docker
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker
NVD GitHub
EPSS 67% 5.5 CVSS 9.8
CRITICAL POC THREAT Emergency

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 67.3% and no vendor patch available.

RCE PostgreSQL Code Injection +2
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker RCE Path Traversal +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

A vulnerability in the Dockerized version of mintplex-labs/anything-llm (latest, digest 1d9452da2b92) allows for a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Denial Of Service Anythingllm
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Docker Anythingllm Docker
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Docker Suse
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. [CVSS 8.2 HIGH]

Docker
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Cognita is a RAG (Retrieval Augmented Generation) Framework for building modular, open source applications for production by TrueFoundry. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker RCE Path Traversal
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: seccomp: passthrough uretprobe systemcall without filtering When attaching uretprobes to processes running inside docker, the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Docker Denial Of Service +3
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.862 Application 20.0.2014 allows Private Keys in Docker Overlay V-2023-013. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Vasion Print +1
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Google Authentication Bypass Docker +3
NVD GitHub
EPSS 1% CVSS 8.6
HIGH This Week

Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Privilege Escalation Brocade Sannav
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service Suse
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A problem with the network isolation mechanism of the Palo Alto Networks Cortex XDR Broker VM allows attackers unauthorized access to Docker containers from the host network used by Broker VM. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Docker Authentication Bypass Paloalto
NVD
EPSS 6% CVSS 7.1
HIGH POC This Week

mailcow: dockerized is an open source groupware/email suite based on docker. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Docker Mailcow
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

regclient is a Docker and OCI Registry Client in Go. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Red Hat +1
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL POC PATCH Act Now

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Docker Ssti Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Docker Information Disclosure Suse
NVD GitHub
EPSS 0% CVSS 5.6
MEDIUM This Month

IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Docker IBM Information Disclosure +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Deserialization Matrix Media Repo +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE +1
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM Monitor

A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker XSS
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity.

Docker Authentication Bypass Helm Charts +2
NVD GitHub
EPSS 1% CVSS 7.6
HIGH This Week

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Denial Of Service
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Docker +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Docker
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Docker
NVD
EPSS 0% CVSS 8.9
HIGH This Week

Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Docker
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A denial of service vulnerability in A vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures.

Denial Of Service Information Disclosure Linux +2
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM This Month

An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Command Injection RCE +1
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

ssoready is a single sign on provider implemented via docker. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Jwt Attack Docker +1
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

CVE-2024-9407 is a security vulnerability (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure Docker
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Dozzle is a realtime log viewer for docker containers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Docker Dozzle
NVD GitHub
Prev Page 6 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy