Lucene search
K

9352 matches found

CVE
CVE
added 2026/06/30 10:8 p.m.11 views

CVE-2026-56264

CVE-2026-56264 affects Crawl4AI prior to 0.8.7. The Docker API server’s /execute_js endpoint accepts and executes arbitrary JavaScript in the server’s browser context with --disable-web-security enabled, enabling an attacker to run arbitrary JS and, given relaxed browser security, perform server-...

9.2CVSS6.2AI score0.00334EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.26 views

CVE-2026-56264 Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /executejs endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary...

9.2CVSS0.00334EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 9:5 p.m.31 views

CVE-2026-58446 Presenton < 0.8.8-beta - Authentication Bypass of Session Auth via Unprotected MCP Endpoint

Presenton before 0.8.8-beta bundles an MCP server that, on server/Docker deployments configured with session authentication AUTHUSERNAME/AUTHPASSWORD, is reachable unauthenticated at /mcp because the nginx front-end does not apply the authrequest gate to that path and the MCP server auto-mints a...

6.9CVSS0.00437EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 11:41 a.m.2 views

SUSE-SU-2026:22456-1 Security update for docker

This update for docker fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265782. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass...

9.6CVSS6.6AI score0.00781EPSS
Exploits0References9
OSV
OSV
added 2026/06/30 8:53 a.m.5 views

SUSE-SU-2026:2692-1 Security update for docker

This update for docker fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265782. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass...

9.6CVSS7.8AI score0.00781EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.7 views

Malicious code in log-taker1 (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. log-taker1 embeds a full infostealer 2800 lines directly in index.js, executed at install time via postinstall: node test.js. The payload harvests cryptocurrency wallet vaults MetaMask, Phantom, Solflare,...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-319 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

9.8CVSS6.6AI score0.0045EPSS
Exploits2References7
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS6AI score0.00401EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 12:0 a.m.2 views

OPENSUSE-SU-2026:11144-1 docker-29.4.0_ce-40.1 on GA media

These are all security issues fixed in the docker-29.4.0ce-40.1 package on the GA media of openSUSE Tumbleweed...

9.6CVSS6.8AI score0.00781EPSS
Exploits0References4
NVD
NVD
added 2026/06/28 2:16 a.m.9 views

CVE-2026-58053

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.35 views

CVE-2026-58053 Gitea act_runner - Container Hardening Bypass via Workflow Container Options

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS0.00265EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/28 1:32 a.m.8 views

EUVD-2026-39973

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
CVE
CVE
added 2026/06/28 1:32 a.m.51 views

CVE-2026-58053

Gitea act_runner (Docker backend) up to act 0.262.0 is vulnerable: the workflow.container.options are merged into the Docker job container HostConfig, and if privileged is set to false, only the Privileged flag is disabled while options such as --pid=host, --cap-add, and --security-opt remain. A ...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/28 1:32 a.m.9 views

CVE-2026-58053

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/28 1:10 a.m.8 views

[SECURITY] Fedora 43 Update: moby-engine-29.6.0-1.fc43

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...

9.1CVSS6.3AI score0.00513EPSS
Exploits0
Fedora
Fedora
added 2026/06/28 12:58 a.m.7 views

[SECURITY] Fedora 44 Update: moby-engine-29.6.0-1.fc44

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...

9.1CVSS6.3AI score0.00513EPSS
Exploits0
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: docker-buildx-0.35.0-1.fc44

Docker CLI plugin for extended build capabilities with BuildKit...

8.8CVSS6.3AI score0.004EPSS
Exploits0
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: docker-buildkit-0.31.0-1.fc44

Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...

8.8CVSS6.3AI score0.004EPSS
Exploits0
Fedora
Fedora
added 2026/06/27 12:57 a.m.4 views

[SECURITY] Fedora 43 Update: docker-buildx-0.35.0-1.fc43

Docker CLI plugin for extended build capabilities with BuildKit...

8.8CVSS6.3AI score0.004EPSS
Exploits0
Fedora
Fedora
added 2026/06/27 12:57 a.m.4 views

[SECURITY] Fedora 43 Update: docker-buildkit-0.31.0-1.fc43

Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...

8.8CVSS6.3AI score0.004EPSS
Exploits0
Rows per page
Query Builder