CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the...

6.8CVSS6.9AI score0.00319EPSS

Exploits1References3

OSV•added 2025/10/02 10:15 a.m.•2 views

UBUNTU-CVE-2025-54288

6.8CVSS5.8AI score0.00319EPSS

Exploits1References3

Cvelist•added 2025/10/02 9:20 a.m.•10 views

CVE-2025-54288 Source Container Identification Vulnerability via cmdline Spoofing in devLXD Server

5.1CVSS0.00319EPSS

Exploits1References1

IBM Security Bulletins•added 2025/10/01 3:29 p.m.•4 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands that use MQ clients are vulnerable to password disclosure [CVE-2025-36100]

Summary The IBM MQ client code is available in the IBM App Connect Enterprise Certified Container image used by an IntegrationServer or IntegrationRuntime component. The client is vulnerable to a password disclosure vulnerability when MQ trace is enabled. This bulletin provides patch information ...

5.5CVSS6.4AI score0.00094EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/09/30 8:56 p.m.•10 views

CVE-2025-34221

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 VA/SaaS deployments expose every internal Docker container to the network because firewall rules allow unrestricted traffic to the Docker bridge network. Because no...

10CVSS8.5AI score0.01381EPSS

Exploits1References1

RedhatCVE•added 2025/09/30 8:56 p.m.•7 views

CVE-2025-34218

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container...

10CVSS7.1AI score0.00948EPSS

Exploits1References1

RedhatCVE•added 2025/09/30 8:56 p.m.•11 views

CVE-2025-34234

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 VA/SaaS deployments contain two hardcoded private keys that are shipped in the application containers printerlogic/pi, printerlogic/printer-admin-api, and printercloud/pi...

9.2CVSS6.6AI score0.00374EPSS

Exploits1References1

Cvelist•added 2025/09/30 2:37 p.m.•9 views

CVE-2025-57852 Openshift-ai: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

6.4CVSS0.00144EPSS

Exploits0References7

Tenable Nessus•added 2025/09/30 12:0 a.m.•3 views

NewStart CGSL MAIN 6.06 : docker-ce Vulnerability (NS-SA-2025-0232)

The remote NewStart CGSL host, running version MAIN 6.06, has docker-ce packages installed that are affected by a vulnerability: - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where supplementary groups are not set up...

6.3CVSS7.2AI score0.00807EPSS

Exploits0References3