PT-2026-42830

Name of the Vulnerable Software and Affected Versions Docker Model Runner on macOS affected versions not specified Description The vllm-metal inference backend unconditionally sets trust remote code=True when loading model tokenizers and operates without sandboxing. This allows the...

Docker Desktop < 4.68.0 Container Escape (CVE-2026-5817)

The version of Docker Desktop installed on the remote host is prior to 4.68.0. It is, therefore, affected by a container escape vulnerability: - A container-to-host code execution vulnerability exists in the Docker Model Runner vllm-metal inference backend. An attacker with access to a container...

MAL-2026-4228 Malicious code in @tiledesk/tiledesk-server (npm)

@tiledesk/tiledesk-server version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the megalodon campaign — a mass GitHub repository backdooring operation targeting CI/CD runner...

GHSA-65PC-FJ4G-8RJX vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-cassandra-medusa, dask-kubernetes, open-webui, reflex, jupyter-base-notebook, mlflow, py3-pip, superset, httpie, ggshield, semgrep, airflow, datadog-agent, jwt-tool, kserve, confluent-docker-utils, kubeflow-pipelines-visualization-server...

CVE-2026-45409 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-cassandra-medusa, dask-kubernetes, open-webui, reflex, jupyter-base-notebook, mlflow, py3-pip, superset, httpie, ggshield, semgrep, airflow, datadog-agent, jwt-tool, kserve, confluent-docker-utils, kubeflow-pipelines-visualization-server...

CVE-2026-45409 vulnerabilities

Vulnerabilities for packages: ansible-operator-fips, httpie, azureml-inference-server-http-fips, datadog-agent, dask-kubernetes-fips, jupyter-base-notebook, litellm, datadog-agent-fips, py3-hashin, locust, py3-pip, apache-beam-python-3.11-sdk, nemo, airflow-core, kubeflow-volumes-web-app,...

GHSA-65PC-FJ4G-8RJX vulnerabilities

Vulnerabilities for packages: ansible-operator-fips, httpie, azureml-inference-server-http-fips, datadog-agent, dask-kubernetes-fips, jupyter-base-notebook, litellm, datadog-agent-fips, py3-hashin, locust, py3-pip, apache-beam-python-3.11-sdk, nemo, airflow-core, kubeflow-volumes-web-app,...

ai-pentest-lab

AI Pentest Lab Demo de segurança ofensiva com IA para palestr...

Security update for docker

This update for docker rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: Basesystem Module 15-S...

SUSE-SU-2026:2033-1 Security update for docker

This update for docker rebuilds it against the current go security release...

Malicious code in arc-diag-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...

MAL-2026-4481 Malicious code in arc-diag-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...

Astra Linux - уязвимость в docker.io-app

Moby is an open-source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tools or runtimes. Moby’s networking implementation allows for multiple networks to be defined, each with its own IP address range and gateway. This feature is...

Astra Linux – Vulnerability in docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine, where the data directory /var/lib/docker, contained subdirectories with insufficiently restricted permissions. This allowed unprivileged Linux users to access and...

Astra Linux - уязвимость в docker.io

Moby is an open-source container framework developed by Docker Inc. It is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component, known as “dockerd”, is commonly referred to as Docker. Swarm Mode is a built-in container...

Astra Linux - уязвимость в docker.io-app

Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is vulnerable to cache poisoning if the image is built FROM scratch. Additionally, changes to certain instructions—especially HEALTHCHECK and ONBUILD—do not trigger cache...

Astra Linux - уязвимость в docker.io-app

Moby v25.0.5 is affected by a race condition in the builder/builder-next/adapters/snapshot/layer.go file. This vulnerability could be exploited to trigger concurrent builds that invoke the EnsureLayer function, leading to resource leaks or exhaustion...

Astra Linux - уязвимость в docker-registry

A flaw was discovered in the /v2/catalog endpoint located in the distribution/distribution directory. This endpoint accepts a parameter that controls the maximum number of records to be returned query string: n. This vulnerability allows a malicious user to submit an excessively large value for n...

Amazon Linux 2023 : docker (ALAS2023-2026-1659)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1659 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin...

GHSA-2V5F-5R6W-P67R MCP Registry: OCI validator skips ownership check on upstream rate limits

OCI ownership validation fails open on upstream rate limits, allowing attacker to claim arbitrary public OCI images under their own namespace Severity: Low re-scored post-triage; see Maintainer triage note below Affected: modelcontextprotocol/registry main branch at commit fe0cb3b current HEAD as...