Keycloak 授权问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has an authorization issue, which stems from logical problems with the Docker v2 authentication endpoint. Even if the Docker registry client is disabled by administrators, tokens are still issued,...

PT-2026-20651

A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...

Medium: oci-add-hooks

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: docker

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: soci-snapshotter

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Medium: docker

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

Amazon Linux 2023 : docker (ALAS2023-2026-1376)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1376 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-090 (ALASNITRO-ENCLAVES-2026-090)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-090 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing...

Execution with Unnecessary Privileges

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Execution with Unnecessary Privileges via the sandbox.docker configuration. An attacker can gain unauthorized access to host resources or execute arbitrary commands on the host by injecti...

GHSA-W235-X559-36MG OpenClaw: Docker container escape via unvalidated bind mount config injection

Summary A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. Affected Packages / Versions - Package: openclaw npm - Affected versions: =...

OpenClaw: Docker container escape via unvalidated bind mount config injection

Summary A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. Affected Packages / Versions - Package: openclaw npm - Affected versions: =...

OPENSUSE-SU-2026:20249-1 Security update for docker

This update for docker fixes the following issues: - CVE-2025-58181: not validating the number of mechanisms can cause unlimited memory consumption bsc1253904...

SUSE-SU-2026:20578-1 Security update for docker

This update for docker fixes the following issues: - CVE-2025-58181: not validating the number of mechanisms can cause unlimited memory consumption bsc1253904...

SUSE-SU-2026:20539-1 Security update for docker

This update for docker fixes the following issues: - CVE-2025-58181: not validating the number of mechanisms can cause unlimited memory consumption bsc1253904...

PT-2026-20964

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description A configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, potentially enabling container...

Medium: docker

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

SUSE-SU-2026:20451-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

minimal_poc

bas...

Exploit for OS Command Injection in Docker

HATCH Host Access Testing for Container Hardening A com...

CVE-2026-26217

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...