Lucene search
K

9352 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-57572

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS0.00523EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-42148

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS6.2AI score0.00121EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-42148 Coolify: Command Injection via Unescaped Version String in Docker Build

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS0.00121EPSS
Exploits0References3
CVE
CVE
added 2 days ago11 views

CVE-2026-42148

Vulnerability summary (CVE-2026-42148) Coolify pre-4.0.0-beta.474 has a command injection flaw in the buildHelperImage path (app/Livewire/Settings/Index.php) where Docker build commands are constructed using the dev_helper_version field without shell escaping. In a development environment, an att...

3.8CVSS6.2AI score0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-57572

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server accepted request-supplied browserconfig.extraargs, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command together...

10CVSS6.1AI score0.00523EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2 days ago10 views

CVE-2026-57572

Crawl4AI prior to version 0.9.0 was vulnerable to unauthenticated remote command execution through Chromium launch-argument injection. The Docker API server accepted request-supplied browser_config.extra_args, which flowed into Chromium’s launch arguments and could be manipulated to replace a chi...

10CVSS6.1AI score0.00523EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-57573 Crawl4AI unauthenticated SSRF in Docker streaming crawl endpoint

Crawl4AI is an open-source LLM-friendly web crawler and scraper. Prior to 0.9.0, the Docker API server applied its SSRF destination check on the non-streaming /crawl path but not on the streaming path. handlestreamcrawlrequest passed seed URLs straight to the crawler with no destination validatio...

8.6CVSS0.00262EPSS
Exploits0References2
CVE
CVE
added 2 days ago10 views

CVE-2026-57573

CVE-2026-57573 affects Crawl4AI: unauthenticated SSRF via the Docker stream endpoint. Before 0.9.0, SSRF checks were only on the non‑streaming /crawl path; handle_stream_crawl_request forwarded seed URLs with no destination validation. This allowed a remote, unauthenticated client to POST to /cra...

8.6CVSS6AI score0.00262EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2 days ago16 views

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 CVSS score: 9.8, a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header...

9.8CVSS7.2AI score0.00783EPSS
Exploits4
OSV
OSV
added 2 days ago3 views

PYSEC-2026-773 Remote code execution in Apache Airflow Docker's Provider

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above...

8.8CVSS6.3AI score0.01602EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-14784

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS0.00228EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-14784 vxcontrol PentAGI Docker API client.go sandbox

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS0.00228EPSS
Exploits0References7
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41795

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References7
CVE
CVE
added 2 days ago9 views

CVE-2026-14784

CVE-2026-14784 affects vxcontrol PentAGI up to 2.1.0, involving the Docker API client (backend/pkg/docker/client.go) and a sandbox issue in an unknown function. The advisory notes a remote-initiated attack vector, with a pull request to fix this issue awaiting acceptance. There are no details in ...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2 days ago8 views

CVE-2026-14784

A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptan...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

Photon OS 4.0: Docker PHSA-2026-4.0-1050

An update of the docker package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1050. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS5.9AI score0.00153EPSS
Exploits0References3
Photon
Photon
added 4 days ago5 views

Important Photon OS Security Update - PHSA-2026-4.0-1050

Updates of 'docker' packages of Photon OS have been released...

7.5CVSS5.9AI score0.00153EPSS
Exploits0
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-20896 Gitea Docker image trusts spoofable reverse-proxy headers by default

Gitea Docker image versions up to and including 1.26.2 use REVERSEPROXYTRUSTEDPROXIES= by default, allowing any source IP to impersonate a user when reverse-proxy authentication headers such as X-WEBAUTH-USER are enabled...

9.8CVSS0.00783EPSS
Exploits4References4
CVE
CVE
added 5 days ago114 views

CVE-2026-20896

CVE-2026-20896 affects Gitea Docker images up to and including 1.26.2. The root cause is the default setting REVERSE_PROXY_TRUSTED_PROXIES=*, which can let an attacker impersonate a user when reverse-proxy authentication headers (e.g., X-WEBAUTH-USER) are enabled. Several sources document this, i...

9.8CVSS7.1AI score0.00783EPSS
Exploits4References4
OSV
OSV
added 5 days ago2 views

SUSE-SU-2026:2740-1 Security update for golang-github-docker-libnetwork

This update for golang-github-docker-libnetwork fixes the following issue - CVE-2026-2808: github.com/hashicorp/consul: unvalidated user-supplied file paths can lead to arbitrary file reads through the Vault Kubernetes authentication provider bsc1259566...

6.8CVSS6AI score0.00475EPSS
Exploits0References3
Rows per page
Query Builder