CVE-2026-1248 IBM Business Automation Workflow information leak

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

PT-2026-43995

IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages...

GHSA-RR59-XXVX-96QR Kata Containers have VM Escape via virtiofsd Argument Injection through Default-Enabled Pod Annotations

Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtiofsextraargs pod annotation. By injecting -o source=/ along with --no-announce-submounts a...

PT-2026-43453

Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process through the io.katacontainers.config.hypervisor.virtio fs extra args pod annotation. By injecting -o source=/ along with --no-announce-submount...

Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...

PT-2026-42534

Name of the Vulnerable Software and Affected Versions Kata Containers runtime-rs versions prior to 3.31.0 Description A symlink escape exists when virtiofsd is run as root with the flags --sandbox none and --seccomp none. A raw FUSE SYMLINK request allows a guest root user to create symlinks owne...

PT-2026-42624

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. One of the core security features claimed by Boxlite is the ability to mount host directories in read-only mode read only=True into the ...

poc-lab

VulnClaw-PoC PoC & reproduction scripts for recently disclo...

Security update for distribution

This update for distribution rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15...

Security update for buildah

This update for buildah rebuilds it against the current go security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15.5...

CVE-2026-44210

creationtimestamp| type| source ---|---|--- 2026-05-20 08:20:32+00:00| published-proof-of-concept| https://github.com/kata-containers/kata-containers/security/advisories/GHSA-rr59-xxvx-96qr...

Astra Linux – Vulnerability in docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine, where the data directory /var/lib/docker, contained subdirectories with insufficiently restricted permissions. This allowed unprivileged Linux users to access and...

Introducing Runtime Threat Detection for Google Cloud Run

Wiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads...

CVE-2026-41602 affecting package kata-containers for versions less than 3.19.1.kata3-2

CVE-2026-41602 affecting package kata-containers for versions less than 3.19.1.kata3-2. A patched version of the package is available...

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element during the archive decompression for PUT /containers/id/archive API requests. An attacker can execute arbitrary code on the host with daemon privileges by uploading a compressed archive containing a...

[SECURITY] Fedora 42 Update: apptainer-1.5.0-1.fc42

Apptainer provides functionality to make portable containers that can be used across host environments...

[SECURITY] Fedora 43 Update: apptainer-1.5.0-1.fc43

Apptainer provides functionality to make portable containers that can be used across host environments...

[SECURITY] Fedora 44 Update: apptainer-1.5.0-1.fc44

Apptainer provides functionality to make portable containers that can be used across host environments...

KonR

KonR Hierarchical multi-agent AI penetration testing system p...

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...