9153 matches found
CVE-2026-5817
The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...
CVE-2026-9568
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
CVE-2026-9568 ThingsBoard YAML provision getGatewayDockerComposeFile code injection
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
CVE-2026-9568
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
CVE-2026-9568 ThingsBoard YAML provision getGatewayDockerComposeFile code injection
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
CVE-2026-45082
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
CVE-2026-45082 Karakeep has a SSRF Protection Bypass via Redirect Handling
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
CVE-2026-45082
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
CVE-2026-45082 Karakeep has a SSRF Protection Bypass via Redirect Handling
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
EUVD-2026-31826
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
CVE-2026-45082
Karakeep (elf-hostable bookmark-everything app) has an SSRF protection bypass in versions before 0.32.0. Attackers could abuse crafted HTTP redirects to cause authenticated users to trigger requests from vulnerable components to internally reachable Docker network services. Affected processing pa...
SUSE-SU-2026:21851-1 Security update for docker-stable
This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...
OPENSUSE-SU-2026:20814-1 Security update for docker-stable
This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...
MonitorsFour-Write-UP
MonitorsFour-Write-UP Hack The Box MonitorsFour is an Easy-rat...
PT-2026-43379
A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...
PT-2026-43211
Name of the Vulnerable Software and Affected Versions Xibo CMS versions prior to 4.4.2 Description A vulnerability chain involving Stored Cross-Site Scripting XSS and Iframe Sandbox escape exists in the Xibo CMS. Users with DataSet permissions can utilize the Data Connector functionality to craft...
PT-2026-43257
Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery SSRF protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to prevent requests toward...
ThingsBoard 代码注入漏洞
ThingsBoard is a Java-based platform developed by the ThingsBoard team, used for monitoring, managing, and data collection of IoT devices. Versions of ThingsBoard 4.3.1.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the...
karakeep 安全漏洞
Karakeep is an open-source bookmarking app developed by Karakeep App. Versions of Karakeep prior to 0.32.0 contained security vulnerabilities. These vulnerabilities stemmed from a SSRF protection that could be bypassed by carefully crafted HTTP redirection chains. Authentication users could enabl...
SUSE SLED15 / SLES15 Security Update : docker (SUSE-SU-2026:2033-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2033-1 advisory. This update for docker rebuilds it against the current go security release. Tenable has extracted the preceding...