9322 matches found
Fedora 43 : docker-buildkit (2026-1a714d39b0)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1a714d39b0 advisory. - Update to release v0.31.0 - Resolve CVE-2026-39829: rhbz2489939, rhbz2490056 - Upstream new features and fixes Tenable has extracted the preceding...
Fedora 44 : docker-buildx (2026-105f7df940)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-105f7df940 advisory. - Update to release v0.35.0 - Resolves: rhbz2487819 - Resolves CVE-2026-39828: rhbz2489918, rhbz2490102 - Upstream enhancements, new features, and...
Fedora 44 : docker-buildkit (2026-1e00728616)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1e00728616 advisory. - Update to release v0.31.0 - Resolve CVE-2026-39829: rhbz2489939, rhbz2490056 - Upstream new features and fixes Tenable has extracted the preceding...
PT-2026-52984
Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.21 Description The authentication filter for the REST API endpoint /api/v1/ incorrectly treats any request path ending in /configs as a public instance-config endpoint, allowing it t...
GO-2026-5668 Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker...
GO-2026-5746 Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker
Docker: PUT /containers/id/archive executes container binary on the host in github.com/docker/docker...
GO-2026-5617 Docker: Race condition in docker cp allows bind mount redirection to host path in github.com/docker/docker
Docker: Race condition in docker cp allows bind mount redirection to host path in github.com/docker/docker...
ROS-20260625-73-0023
The vulnerability in Docker CE is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow an attacker to increase their privileges...
CVE-2026-13140
Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...
CVE-2026-56262
CVE-2026-56262 affects Crawl4AI prior to 0.8.7, due to an authentication bypass in the monitor router endpoints that lets unauthenticated attackers reach destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint to manipulate monitoring state and cause service disr...
CVE-2026-13140
Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e...
CVE-2026-13140
The CVE-2026-13140 entry concerns Canarytokens.org (Thinkst Applied Research) with a Stored Cross-Site Scripting flaw in the exposed AWS API key store. Affected: Canarytokens Docker images from tag sha-4116b92cb up to before sha-f5aa5c4e and Git commit 4116b92cb before f5aa5c4e. Attack requires k...
Photon OS 5.0: Docker PHSA-2026-5.0-0869
An update of the docker package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0869. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
PT-2026-52103
Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The bundled supervisord exposes an XML-RPC interface on port 9001, which is accessible from outside the container through a Caddy reverse-proxy route at the '/supervisor/' endpoint. An authenticated...
CVE-2026-53754
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...
CVE-2026-53755
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.9, the Docker API server applied its SSRF destination check to the crawl target URL only, not to the proxy address. An unauthenticated request could supply a proxy pointing at an internal IP and route the browser through...
CVE-2026-53753 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT...
CVE-2026-53754 Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...
CVE-2026-53754
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach...
CVE-2026-53754
CVE-2026-53754 affects Crawl4AI prior to version 0.8.8. The Docker API server’s SSRF protection (validate_webhook_url/validate_url_destination) used an explicit IPv4/IPv6 CIDR blocklist that missed several address families, allowing an unauthenticated attacker to reach internal services and cloud...