CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

38 matches found

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00235EPSS

Exploits0References1

ATTACKERKB•added 6 days ago•5 views

CVE-2026-45633

9.9CVSS6.1AI score0.00235EPSS

Exploits0References2Affected Software1

CVE•added 6 days ago•8 views

CVE-2026-45633

CVE-2026-45633 : Dokploy (PaaS) v0.26.6 and earlier suffers a command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, enabling authenticated users to execute arbitrary commands with root...

9.9CVSS6.1AI score0.00235EPSS

Exploits0References1

Cvelist•added 6 days ago•25 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

9.9CVSS0.00235EPSS

Exploits0References1

EUVD•added 6 days ago•6 views

EUVD-2026-33353

9.9CVSS6.1AI score0.00235EPSS

Exploits0References1

Positive Technologies•added 6 days ago•5 views

PT-2026-44937

9.9CVSS6.1AI score0.00235EPSS

Exploits0References2

CNNVD•added 6 days ago•3 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contain security vulnerabilities. These vulnerabilities stem from command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are concatenated directly into...

9.9CVSS6.1AI score0.00235EPSS

Exploits0References1

RedhatCVE•added 2026/05/14 7:58 p.m.•3 views

CVE-2025-32425

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console stdout/stderr, and deployed in container mode, which is automatically captured by Docker an...

5.5CVSS5.9AI score0.00012EPSS

Exploits1References1

NVD•added 2026/05/13 4:16 p.m.•3 views

CVE-2025-32425

5.5CVSS0.00012EPSS

Exploits1References4

Cvelist•added 2026/05/13 3:55 p.m.•24 views

CVE-2025-32425 AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS

5.1CVSS0.00012EPSS

Exploits1References4

ATTACKERKB•added 2026/05/13 3:55 p.m.•3 views

CVE-2025-32425

5.1CVSS5.9AI score0.00012EPSS

Exploits1References5Affected Software1

EUVD•added 2026/05/13 3:55 p.m.•5 views

EUVD-2025-209827

5.1CVSS5.9AI score0.00012EPSS

Exploits1References4

Vulnrichment•added 2026/05/13 3:55 p.m.•2 views

CVE-2025-32425 AutoGPT has missing Docker log rotation on platform containers that allows host disk-exhaustion DoS

5.1CVSS5.9AI score0.00012EPSS

Exploits1References4

Positive Technologies•added 2026/05/13 12:0 a.m.•4 views

PT-2026-40704

Name of the Vulnerable Software and Affected Versions AutoGPT versions prior to 0.6.32 Description AutoGPT records the execution process to the console, which is captured by Docker as container logs when deployed in container mode. In affected versions, there is no limit on the log size. A high...

5.5CVSS5.9AI score0.00012EPSS

Exploits1References6

Github Security Blog•added 2026/04/10 5:32 p.m.•2 views

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

3.5CVSS5.8AI score0.00065EPSS

Exploits1References4Affected Software1

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2024-2290

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00071EPSS

Exploits0References8

Tenable Nessus•added 2025/08/26 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2024-5321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated...

6.1CVSS6.3AI score0.00071EPSS

Exploits0References2

Tenable Nessus•added 2025/06/16 12:0 a.m.•5 views

TencentOS Server 4: kubernetes (TSSA-2024:0807)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0807 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.1CVSS6.5AI score0.00071EPSS

Exploits0References2

Veracode•added 2025/05/26 11:33 a.m.•5 views

Sensitive Information Disclosure

zotregistry.dev/zot is vulnerable to Sensitive Information Disclosure. The vulnerability is due to exposed sensitive data due to the clientsecret being printed to container logs when Keycloak is used as an OIDC provider...

6.9CVSS6.5AI score0.00128EPSS

Exploits0References3Affected Software1

Github Security Blog•added 2025/05/22 8:33 p.m.•15 views

zot logs secrets

Summary When using Keycloak as an oidc provider, the clientsecret gets printed into the container stdout logs for an example at container startup. Details Container Image 15.04.2025: ghcr.io/project-zot/zot-linux-amd64:latest Here is an example how the configuration can look which causes the abov...

6.9CVSS6.7AI score0.00128EPSS

Exploits0References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by