9153 matches found
CVE-2026-46597 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-46597 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-39832 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-39832 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-39821 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-39821 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-39830 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-39830 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-39834 affecting package docker-buildx for versions less than 0.14.0-13
CVE-2026-39834 affecting package docker-buildx for versions less than 0.14.0-13. A patched version of the package is available...
CVE-2026-39821 affecting package docker-cli for versions less than 25.0.7-3
CVE-2026-39821 affecting package docker-cli for versions less than 25.0.7-3. A patched version of the package is available...
CVE-2026-39821 affecting package docker-compose for versions less than 2.27.0-11
CVE-2026-39821 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...
CVE-2026-39834 affecting package docker-compose for versions less than 2.27.0-11
CVE-2026-39834 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...
CVE-2026-39830 affecting package docker-compose for versions less than 2.27.0-11
CVE-2026-39830 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...
Fedora 44 : docker-compose (2026-3316f97296)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3316f97296 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...
Fedora 43 : docker-compose (2026-951a6725b8)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-951a6725b8 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...
CVE-2026-47179
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...
CVE-2026-47125
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin...
CVE-2026-45628
Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...
EUVD-2026-33372
Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...
EUVD-2026-33371
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution...
CVE-2026-47179 Arcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in Arcane
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...
CVE-2026-47179 Arcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in Arcane
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...
CVE-2026-47179
Summary: Arcane exposes an authenticated arbitrary host-file read via Docker Compose include directives. Prior to version 1.19.4, GetProjectFileContent could read any include file declared in a project’s compose file, even outside the project, because CreateProject bypassed include-path validatio...
CVE-2026-45628
Dokploy (PaaS) vulnerability CVE-2026-45628 affects version 0.29.2 and earlier. The root cause is unescaped interpolation of user-supplied branch names, repo URLs, and Docker credentials into shell commands constructed with JavaScript template literals and executed via child_process.exec (shell /...