9157 matches found
openSUSE 16 Security Update : docker (openSUSE-SU-2026:20057-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20057-1 advisory. Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Updat...
Security update for docker (critical)
openSUSE security update: security update for docker ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20057-1 Rating: critical References: bsc1247367 bsc1247594 bsc1248373 bsc1250508 Cross-References: CVE-2025-54388 CVSS scores: CVE-2025-54388 SUSE :...
SUSE-SU-2026:20095-1 Security update for docker
This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Update to docker-buildx v0.29.0. Upstream changelog: - Remove git-core recommends on SLE. Most SLE...
SUSE-SU-2026:20112-1 Security update for docker
This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Update to docker-buildx v0.29.0. Upstream changelog: - Remove git-core recommends on SLE. Most SLE...
OPENSUSE-SU-2026:20057-1 Security update for docker
This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Update to docker-buildx v0.29.0. Upstream changelog: - Remove git-core recommends on SLE. Most SLE...
EUVD-2026-2914
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter...
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...
GHSA-5882-5RX9-XGXP Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...
EUVD-2026-2915
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs...
Directory Traversal
Overview Crawl4AI is a 🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Directory Traversal via the Docker API endpoints that accept file:// URLs. An attacker can access sensitive files on the server filesystem by submitting crafted...
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...
GHSA-VX9W-5CX4-9796 Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...
Crawl4AI Has Local File Inclusion in Docker API via file:// URLs
A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...
Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter
A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...
PT-2026-7856
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.0 Description Crawl4AI is affected by a local file inclusion issue in its Docker API deployment. The /execute js, /screenshot, /pdf, and /html API endpoints accept file:// URLs, which allows unauthenticated remot...
MiracleLinux 7 : docker-distribution-2.6.2-1.git48294d9.el7 (AXSA:2017-2274:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2017-2274:01 advisory. It was found that docker-distribution did not properly restrict memory allocation size for a registry instance through the manifest endpoint. An attacker cou...
MiracleLinux 7 : docker-1.13.1-102.git7f2769b.0.1.el7.AXS7 (AXSA:2019-3988:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3988:03 advisory. docker: symlink-exchange race attacks in docker cp CVE-2018-15664 Tenable has extracted the preceding description block directly from the MiracleLinux securi...
CVE-2026-23520
Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...