Lucene search
K

97 matches found

Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.7 views

PT-2026-32043

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.17.3 Description Arcane is an interface for managing Docker containers, images, networks, and volumes. The /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET...

7.2CVSS5.8AI score0.00621EPSS
Exploits1References11
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

arcane 代码问题漏洞

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.17.3 contained code vulnerabilities. These vulnerabilities stemmed from the /api/templates/fetch endpoint, which accepted URL parameters provided by callers and processed HTTP GET requests witho...

7.2CVSS5.9AI score0.00621EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/03/22 8:16 a.m.373 views

Exploit for OS Command Injection in Arcane

CVE-2026-23520-PoC Arcane MCP Command Injection Kobold HT...

9CVSS6.2AI score0.01643EPSS
Exploits6
GithubExploit
GithubExploit
added 2026/03/21 9:52 p.m.767 views

Exploit for OS Command Injection in Arcane

CVE-2026-23520 — Arcane Lifecycle Label RCE OS Command In...

9CVSS6.2AI score0.01643EPSS
Exploits6
GithubExploit
GithubExploit
added 2026/03/21 9:18 p.m.211 views

Exploit for OS Command Injection in Arcane

CVE-2026-23520 A proof‑of‑concept exploit demonstrat...

9CVSS6AI score0.01643EPSS
Exploits6
SUSE CVE
SUSE CVE
added 2026/01/27 12:26 a.m.16 views

SUSE CVE-2026-23520

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane's updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

9CVSS5.9AI score0.01643EPSS
Exploits6References2
OSV
OSV
added 2026/01/23 2:28 a.m.10 views

GO-2026-4320 Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend

Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE in github.com/getarcaneapp/arcane/backend...

9CVSS5.5AI score0.01643EPSS
Exploits6References5
NVD
NVD
added 2026/01/19 10:16 p.m.51 views

CVE-2026-23944

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.8CVSS0.00445EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/19 9:16 p.m.68 views

CVE-2026-23944 Arcane allows unauthenticated proxy access to remote environments

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.3CVSS0.00445EPSS
Exploits0References4
OSV
OSV
added 2026/01/19 9:16 p.m.18 views

CVE-2026-23944 Arcane allows unauthenticated proxy access to remote environments

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to remote environment resources without authentication. The environment proxy middleware handled...

9.3CVSS5.6AI score0.00445EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.8 views

Arcane Access Control Vulnerability

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.13.2 contained a access control vulnerability. This vulnerability stemmed from the environmental proxy middleware processing requests to remote environments before enforcing authentication. As a...

9.8CVSS5.8AI score0.00445EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/16 7:25 p.m.6 views

CVE-2026-23520

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

9CVSS7.4AI score0.01643EPSS
Exploits6References1
OSV
OSV
added 2026/01/15 8:10 p.m.5 views

GHSA-GJQQ-6R35-W3R8 Arcane Has a Command Injection in Arcane Updater Lifecycle Labels That Enables RCE

Summary Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to run before or after a container update. The label value is passed directly to /bin/sh -c without sanitizati...

9CVSS7.6AI score0.01643EPSS
Exploits6References6
Snyk
Snyk
added 2026/01/15 7:50 p.m.8 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the updater service which supported lifecycle labels. An attacker can execute arbitrary commands by supplying a crafted value to the lifecycle label, which is then passed unsanitized to the shell for execution when...

9.3CVSS6.2AI score0.01643EPSS
Exploits6References2
Snyk
Snyk
added 2026/01/15 7:50 p.m.5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the updater service which supported lifecycle labels. An attacker can execute arbitrary commands by supplying a crafted value to the lifecycle label, which is then passed unsanitized to the shell for execution when...

9.3CVSS6.2AI score0.01643EPSS
Exploits6References2
OSV
OSV
added 2026/01/15 7:20 p.m.8 views

CVE-2026-23520 Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

9CVSS7.3AI score0.01643EPSS
Exploits6References6
Cvelist
Cvelist
added 2026/01/15 7:20 p.m.27 views

CVE-2026-23520 Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

9CVSS0.01643EPSS
Exploits6References4
ATTACKERKB
ATTACKERKB
added 2026/01/15 7:20 p.m.17 views

CVE-2026-23520

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

9CVSS5.7AI score0.01643EPSS
Exploits6References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/15 7:20 p.m.6 views

CVE-2026-23520 Arcane has a Command Injection in Arcane Updater Lifecycle Labels Enables RCE

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

9CVSS7AI score0.01643EPSS
Exploits6References4
EUVD
EUVD
added 2026/01/15 7:20 p.m.8 views

EUVD-2026-2738

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

9CVSS6.9AI score0.01643EPSS
Exploits6References5
Rows per page
Query Builder