9154 matches found
GHSA-4C29-8RGM-JVJJ vulnerabilities
Vulnerabilities for packages: zot, trivy, osv-scanner, skaffold, kubescape, trivy-operator, guac, scorecard, kaniko, buildah, docker-compose, docker-cli-buildx, conftest...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: zot, trivy, osv-scanner, skaffold, kubescape, trivy-operator, guac, scorecard, kaniko, buildah, docker-compose, docker-cli-buildx, conftest...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: zot, trivy, osv-scanner, skaffold, kubescape, trivy-operator, guac, scorecard, kaniko, buildah, docker-compose, docker-cli-buildx, conftest...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: trivy-fips, trivy, zot, livekit-cli, docker-fips, buildah-fips, docker-compose-fips, scorecard, docker-compose, kubescape-server, kaniko-fips, docker-cli-buildx-fips, trivy-operator, docker-cli-buildx, skaffold, kubescape, guac, buildah, osv-scanner,...
GHSA-4C29-8RGM-JVJJ vulnerabilities
Vulnerabilities for packages: trivy-fips, trivy, zot, livekit-cli, docker-fips, buildah-fips, docker-compose-fips, scorecard, docker-compose, kubescape-server, kaniko-fips, docker-cli-buildx-fips, trivy-operator, docker-cli-buildx, skaffold, kubescape, guac, buildah, osv-scanner,...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: trivy-fips, trivy, zot, livekit-cli, docker-fips, buildah-fips, docker-compose-fips, scorecard, docker-compose, kubescape-server, kaniko-fips, docker-cli-buildx-fips, trivy-operator, docker-cli-buildx, skaffold, kubescape, guac, buildah, osv-scanner,...
CVE-2026-33748 vulnerabilities
Vulnerabilities for packages: trivy-fips, trivy, zot, livekit-cli, docker-fips, buildah-fips, docker-compose-fips, scorecard, docker-compose, kubescape-server, kaniko-fips, docker-cli-buildx-fips, trivy-operator, docker-cli-buildx, skaffold, kubescape, guac, buildah, osv-scanner,...
PYSEC-2026-157
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.system_packages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.system_packages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.system_packages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...
CVE-2026-33744
CVE-2026-33744 affects BentoML versions prior to 1.4.37. The issue arises when the docker.system_packages field in bentofile.yaml is interpolated into Dockerfile RUN commands without sanitization, allowing arbitrary shell commands to execute during bentoml containerize or docker build. Impact is ...
BentoML Code Injection Vulnerability
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.37, there was a code injection vulnerability. This vulnerability stemmed from the docker.systemPackages...
Linux Distros Unpatched Vulnerability : CVE-2026-23924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of...
GO-2026-4705 SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets in github.com/siyuan-note/siyuan/kernel
SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets in github.com/siyuan-note/siyuan/kernel...
CVE-2025-10461
Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42; smartLink SW-PN: through 1.03...
CVE-2023-27573
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...
CVE-2026-30953
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create calls HtmlMeta::getFromUrl). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...