OSV
added 2026/01/26 8:16 p.m. | 4 views

AZL-75410 CVE-2025-11065 affecting package docker-buildx 0.14.0-8

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3 CVSS | 6.5 AI score | 0.00357 EPSS
Exploits: 0 | References: 1

OSV
added 2026/01/26 8:16 p.m. | 3 views

AZL-75416 CVE-2025-11065 affecting package docker-compose 2.27.0-6

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...

5.3 CVSS | 6.6 AI score | 0.00357 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/26 12:0 a.m. | 16 views

Oracle MySQL Server 8.4.x < 8.4.8 (January 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Docker Images SQLite. Supported versions that are affected are...

9.8 CVSS | 6.6 AI score | 0.64893 EPSS
Exploits: 3 | References: 11

RedhatCVE
added 2026/01/24 3:17 a.m. | 5 views

CVE-2026-24129

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

8.8 CVSS | 5.9 AI score | 0.00459 EPSS
Exploits: 1 | References: 1

ATTACKERKB
added 2026/01/22 10:41 p.m. | 2 views

CVE-2026-24129

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

8 CVSS | 5.8 AI score | 0.00459 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/01/22 10:41 p.m. | 18 views

CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

8 CVSS | 0.00459 EPSS
Exploits: 1 | References: 3

CVE
added 2026/01/22 10:41 p.m. | 13 views

CVE-2026-24129

Runtipi (Docker-based homeserver) versions 3.7.0+ are vulnerable to authenticated arbitrary command execution via shell metacharacters injected into backup filenames. The BackupManager stores uploaded backups using the raw originalname on the host filesystem, allowing an attacker to stage a file ...

8.8 CVSS | 5.9 AI score | 0.00459 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: docker-compose (CVE-2024-10846)

The version of docker-compose installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10846 advisory. - The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends...

5.9 CVSS | 5.7 AI score | 0.00223 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-094 (ALASECS-2026-094)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-094 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the progr...

7.5 CVSS | 6.9 AI score | 0.00563 EPSS
Exploits: 3 | References: 12

Tenable Nessus
added 2026/01/22 12:0 a.m. | 3 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-085 (ALASNITRO-ENCLAVES-2026-085)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-085 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may caus...

7.5 CVSS | 6.8 AI score | 0.00563 EPSS
Exploits: 3 | References: 10

Amazon
added 2026/01/22 12:0 a.m. | 11 views

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5 CVSS | 7.3 AI score | 0.00563 EPSS
Exploits: 3

Amazon
added 2026/01/22 12:0 a.m. | 8 views

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5 CVSS | 6.8 AI score | 0.00563 EPSS
Exploits: 3

Amazon
added 2026/01/22 12:0 a.m. | 12 views

Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5 CVSS | 6.8 AI score | 0.00563 EPSS
Exploits: 3

Tenable Nessus
added 2026/01/22 12:0 a.m. | 10 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-095 (ALASDOCKER-2026-095)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-095 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the...

7.5 CVSS | 6.8 AI score | 0.00563 EPSS
Exploits: 3 | References: 10

Tenable Nessus
added 2026/01/20 12:0 a.m. | 3 views

MiracleLinux 7 : docker-1.13.1-162.git64e9980.0.1.el7.AXS7 (AXSA:2020-208:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-208:04 advisory. docker: Ambient capability usage in containers CVE-2016-8867 docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc...

9.3 CVSS | 7 AI score | 0.9589 EPSS
Exploits: 33 | References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 7 : docker-1.13.1-206.git7d71120.0.1.el7.AXS7 (AXSA:2021-1764:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1764:03 advisory. runc: vulnerable to symlink exchange attack CVE-2021-30465 Tenable has extracted the preceding description block directly from the MiracleLinux security...

8.5 CVSS | 7.5 AI score | 0.06604 EPSS
Exploits: 0 | References: 2

GithubExploit
added 2026/01/19 9:44 p.m. | 224 views

Exploit for SQL Injection in Phpgurukul Job_Portal

CVE-2024-8465 – SQL Injection Proof of Concept Team Inform...

9.8 CVSS | 6 AI score | 0.00464 EPSS
Exploits: 1

ATTACKERKB
added 2026/01/19 7:42 p.m. | 5 views

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

9.1 CVSS | 5.4 AI score | 0.00403 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/01/19 12:0 a.m. | 4 views

Arcane Access Control Vulnerability

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.13.2 contained an access control vulnerability. This vulnerability stemmed from the environmental proxy middleware processing requests to remote environments before enforcing authentication. As a...

9.8 CVSS | 5.8 AI score | 0.00445 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/19 12:0 a.m. | 4 views

PT-2026-3491

Name of the Vulnerable Software and Affected Versions Tugtainer versions prior to 1.16.1 Description Tugtainer is a self-hosted application designed for automating updates of Docker containers. Prior to version 1.16.1, the password authentication process transmits passwords through URL query...

8.1 CVSS | 5.3 AI score | 0.00403 EPSS
Exploits: 1 | References: 8