126 matches found
CVE-2026-44985
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...
CVE-2026-44985
The CVE-2026-44985 vulnerability affects Dozzle prior to version 10.5.2 where the WebSocket upgrader for /exec and /attach uses CheckOrigin: true, allowing cross-origin upgrade requests. When combined with a SameSite: Lax JWT cookie, this enables Cross-Site WebSocket Hijacking (CSWSH) from a same...
CVE-2026-6406
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...
Unity Linux 20.1060e / 20.1070e Security Update: cifs-utils (UTSA-2026-016660)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016660 advisory. A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host...
Gotenberg Path Traversal Vulnerability
Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained a path traversal vulnerability. This vulnerability stemmed from multiple endpoints accepting user-controlled...
Red Hat Fuse Security Vulnerability
Red Hat Fuse is an open-source distributed integration platform based on Apache Camel, developed by Red Hat Inc. This platform provides standardized methods, infrastructure, and tools for integrating services, microservices, and application components. Red Hat Fuse has a security vulnerability th...
NewStart CGSL MAIN 6.06 (SP) : docker-ce Vulnerability (NS-SA-2026-0028)
The remote NewStart CGSL host, running version MAIN 6.06 (SP), has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set ...
PT-2026-26419
Summary In [email protected], sandbox network hardening blocks network=host but still allows network=container:. This can let a sandbox join another container's network namespace and reach services available in that namespace. Preconditions and Trust Model Context This issue requires a...
CVE-2026-24740 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, label=env=dev) to obtain an interactive root shell in out‑of‑scope containers (for example, env=prod) on the same agen...
PT-2026-3586
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...
Exploit for CVE-2025-13780
CVE-2025-13780: pgAdmin 4 /tmp/pwned will b...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management due to the process handling custom storage volumes with the security.shifted property set to true. An attacker can gain elevated privileges on the host system by creating a custom storage volume, writing a...
EUVD-2016-2555
Malware in sbrugna...
EUVD-2016-5963
Malware in sbrugna...
EUVD-2022-44909
Malicious code in bioql PyPI...
EUVD-2025-8900
Malicious code in bioql PyPI...
EUVD-2025-25728
Malicious code in bioql PyPI...
Sensitive Information Disclosure
local-deep-research is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure local storage because confidential data (API keys, etc.) are kept in an unencrypted SQLite database with a fixed, non-configurable location, allowing anyone with container or host filesystem...
CVE-2025-34211
Vasion Print Virtual Appliance Host (pre-22.0.1049) and Application (pre-20.0.2786) store a private SSL key and its public certificate in cleartext, using the same pl-local.com key across all deployments. With container access, an attacker can read the key to decrypt TLS traffic, perform MITM, or...
CVE-2025-34206
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efsstorage into many Docker containers with overly-permissive filesystem permissions. Files such as secrets.env, GPG-encrypted blobs in...