Lucene search
+L

157 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/01 4:17 p.m.3 views

CVE-2026-33990

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

6.8CVSS5.9AI score0.00253EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/01 4:17 p.m.4 views

EUVD-2026-17963

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

6.8CVSS5.9AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 4:17 p.m.2 views

CVE-2026-33990 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

6.8CVSS6AI score0.00253EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/01 4:17 p.m.11 views

CVE-2026-33990 Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's...

6.8CVSS6AI score0.00253EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 4:17 p.m.87 views

CVE-2026-33990

Docker Model Runner (DMR) is affected by an SSRF in the OCI registry token exchange flow prior to version 1.1.25. When pulling a model, DMR uses the realm URL from the registry’s WWW-Authenticate header without validating the scheme, hostname, or IP range, allowing a malicious OCI registry to dir...

9.1CVSS5.9AI score0.00253EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/03/30 5:8 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the OCI registry token exchange function when the realm URL from the WWW-Authenticate header is not validated for scheme, hostname, or IP range. An attacker can cause the application to make...

9.1CVSS6AI score0.00253EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/30 5:8 p.m.12 views

Docker Model Runner OCI Registry Client Vulnerable to Server-Side Request Forgery (SSRF)

Summary Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the registry's WWW-Authenticate header without validating the scheme, hostname, or IP range. A malicious OCI registry can set the realm...

9.1CVSS6AI score0.00253EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2026/03/13 8:18 a.m.4 views

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation

Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused deputy...

6.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2026/03/12 9:32 p.m.11 views

CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root

Executive Summary Qualys TRU has discovered confused deputy vulnerabilities in AppArmor named "CrackArmor" that allow unprivileged users to bypass kernel protections, escalate to root, and break container isolation. The flaw has existed since 2017, and affected over 12.6 million systems globally...

6.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/02 1:43 p.m.9 views

CVE-2026-28400

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/02/27 10:16 p.m.11 views

CVE-2026-28400

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/27 9:6 p.m.9 views

EUVD-2026-9073

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/27 9:6 p.m.26 views

CVE-2026-28400 Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

Docker Model Runner DMR is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST /engines/configure endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying inference server llama.cpp...

7.5CVSS0.00226EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/27 12:55 a.m.20 views

Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Summary A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agent host by directly targeting their container IDs. Note: Tested on v9.0....

9.9CVSS5.8AI score0.00385EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/26 7:3 p.m.10 views

PT-2025-136: Path Traversal in mPDF

The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research Date of vulnerability discovery: 11.04.2025...

6.9CVSS5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/12/02 9:7 p.m.31 views

Singluarity ineffectively applies selinux / apparmor LSM process labels

Impact Native Mode default Singularity's default native runtime allows users to apply restrictions to container processes using the apparmor or selinux Linux Security Modules LSMs, via the --security selinux: or --security apparmor: flags. LSM labels are written to process or thread attrs/exec...

7.5CVSS7AI score0.00523EPSS
Exploits1References9Affected Software1
Packet Storm News
Packet Storm News
added 2025/11/22 12:0 a.m.7 views

EBPF-PATROL: Protective Agent for Threat Recognition and Overreach Limitation Using EBPF in Containerized and Virtualized Environments

With the increasing use and adoption of cloud and cloud-native computing, the underlying technologies i.e., containerization and virtualization have become foundational. However, strict isolation and maintaining runtime security in these environments has become increasingly challenging. Existing...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 3: container-tools:rhel8 (TSSA-2024:0790)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0790 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.2CVSS6.8AI score0.00969EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.12 views

PT-2026-22403

Name of the Vulnerable Software and Affected Versions Docker Model Runner versions prior to 1.0.16 Docker Desktop versions prior to 4.61.0 when Model Runner is enabled Description Docker Model Runner is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expo...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References14
Amazon
Amazon
added 2025/10/27 12:0 a.m.8 views

Low: docker

Issue Overview: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulnerability affects Moby releases before 28.0.0. When firewalld reloads, Docker fails...

5.2CVSS7AI score0.00152EPSS
Exploits0
Rows per page
Query Builder