CVE-2026-32038
OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...
CVE-2026-33037
WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...
Exploit for CVE-2024-36039
CVE-2024-36039: PyMySQL Object Injection to SQL Injection PoC...
SUSE-SU-2026:20871-1 Security update for docker-compose
This update for docker-compose fixes the following issue: CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752)...
Arbitrary Code Injection
Overview: bentoml is a BentoML: Build Production-Grade AI Applications. Affected versions of this package are vulnerable to Arbitrary Code Injection via the system_packages handling in the Dockerfile generation and image command paths. An attacker can execute arbitrary shell commands during bentoml...
BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
Summary: The docker.system_packages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since system_packages is semantically a list of OS package names (data), users do not expect values to be interpreted as shell command...
CVE-2025-64437 vulnerabilities
Vulnerabilities for packages: docker-machine-driver-harvester...
CVE-2025-64433 vulnerabilities
Vulnerabilities for packages: docker-machine-driver-harvester...
GHSA-QW6Q-3PGR-5CWQ vulnerabilities
Vulnerabilities for packages: docker-machine-driver-harvester...
GHSA-46XP-26XH-HPQH vulnerabilities
Vulnerabilities for packages: docker-machine-driver-harvester...
GHSA-2R4R-5X78-MVQF vulnerabilities
Vulnerabilities for packages: docker-machine-driver-harvester...
CVE-2025-64324 vulnerabilities
Vulnerabilities for packages: docker-machine-driver-harvester...
NightOwl
NightOwl Advanced Penetration Testing Framework A modula...
SUSE CVE-2026-27734
Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...
SUSE CVE-2026-28406
kaniko is a tool to build container images from a Dockerfile, inside a container or Kubernetes cluster. Starting in version 1.25.4 and prior to version 1.25.10, kaniko unpacks build context archives using filepath.Join(dest, cleanedName) without enforcing that the final path stays within dest. A ta...