CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

PT-2026-24575

Name of the Vulnerable Software and Affected Versions netbox-docker versions prior to 2.5.0 Description The netbox-docker software, before version 2.5.0, includes a superuser account with default credentials. Specifically, the admin account has a default password, and the SUPERUSER API TOKEN is s...

netbox-docker 安全漏洞

NetBox Docker is a containerized network infrastructure management platform open source by NetBox Community. Versions of NetBox Docker prior to 2.5.0 contained security vulnerabilities. These vulnerabilities stemmed from a superuser account with default credentials, which could allow attackers to...

CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

CVE-2025-58190 affecting package docker-buildx for versions less than 0.14.0-10

CVE-2025-58190 affecting package docker-buildx for versions less than 0.14.0-10. A patched version of the package is available...

CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2

CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2. A patched version of the package is available...

CVE-2025-11065 affecting package docker-buildx for versions less than 0.14.0-10

CVE-2025-11065 affecting package docker-buildx for versions less than 0.14.0-10. A patched version of the package is available...

CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

CVE-2025-47911 affecting package docker-buildx for versions less than 0.14.0-10

CVE-2025-47911 affecting package docker-buildx for versions less than 0.14.0-10. A patched version of the package is available...

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

rami-kali-MCP

Red Team MCP Server MCP Model Context Protocol server that...

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

EUVD-2026-10874

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

EUVD-2026-10875

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

CVE-2026-30953

LinkAce is affected by CVE-2026-30953 due to missing validation for NoPrivateIpRule during link creation. The server fetches HTML metadata from user-provided URLs in LinkRepository::create() via HtmlMeta::getFromUrl(), and the NoPrivateIpRule is only applied in FetchController.php, not in the pri...

GO-2026-4610 Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli...

GO-2026-4571 Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID in github.com/henrygd/beszel

Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID in github.com/henrygd/beszel...

BIT-DOCKER-CLI-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

PT-2026-24602

Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a victi...