Lucene search
+L

44 matches found

EUVD
EUVD
added 2026/06/23 7:53 p.m.9 views

EUVD-2026-38603

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2CVSS5.8AI score0.00153EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51592

Name of the Vulnerable Software and Affected Versions foreman-mcp-server affected versions not specified Description Two distinct logging mechanisms in the software can expose sensitive session and authentication data. One mechanism logs session identifiers, which function as authentication...

6.2CVSS5.8AI score0.00153EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:10 p.m.13 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 4:10 p.m.13 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 4:10 p.m.39 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS0.00922EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 4:10 p.m.36 views

CVE-2026-45633

CVE-2026-45633 : Dokploy (PaaS) v0.26.6 and earlier suffers a command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, enabling authenticated users to execute arbitrary commands with root...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 4:10 p.m.4 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.2AI score0.00922EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 4:10 p.m.18 views

EUVD-2026-33353

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contain security vulnerabilities. These vulnerabilities stem from command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are concatenated directly into...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-44937

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00922EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.11 views

CVE-2025-32425

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.5CVSS5.9AI score0.00182EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 4:16 p.m.12 views

CVE-2025-32425

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.5CVSS0.00182EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/13 3:55 p.m.7 views

CVE-2025-32425 AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.1CVSS5.9AI score0.00182EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/13 3:55 p.m.35 views

CVE-2025-32425 AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.1CVSS0.00182EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:55 p.m.8 views

CVE-2025-32425

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.1CVSS5.9AI score0.00182EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/05/13 3:55 p.m.11 views

EUVD-2025-209827

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.1CVSS5.9AI score0.00182EPSS
Exploits1References4
OSV
OSV
added 2026/05/13 3:55 p.m.6 views

CVE-2025-32425 AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.1CVSS6.1AI score0.00182EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.14 views

PT-2026-40704

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.32 Description AutoGPT records the execution process to the console, which is captured by Docker as container logs when deployed in container mode. In affected versions, there is no limit on the log size. A high...

5.5CVSS5.9AI score0.00182EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/10 5:32 p.m.36 views

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

3.5CVSS5.8AI score0.00219EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2290

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00312EPSS
Exploits0References8
Rows per page
Query Builder