CVE-2026-42454

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

PT-2026-39220

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.1.0 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. All Docker container management endpoints interpolate the containerId URL path...

WordPress plugin WP Carousel Free 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

CVE-2026-40077

Summary: CVE-2026-40077 describes an IDOR in Beszel’s hub API endpoints that read a system ID from URL parameters. Prior to version 0.18.7, an authenticated user could access routes for any system if they knew the system ID, with system IDs being 15-character alphanumeric tokens and container IDs...

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

PT-2026-31706

Name of the Vulnerable Software and Affected Versions Beszel versions prior to 0.18.7 Description Beszel is a server monitoring platform. Some API endpoints in the Beszel hub accept a user-supplied system ID without verifying user access permissions. This allows authenticated users to access rout...

CVE-2026-35179 WWBN AVideo Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Facebook/Instagram Graph API. The endpoint accepts user-controlled parameters including an access...

GO-2026-4571 Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID in github.com/henrygd/beszel

Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID in github.com/henrygd/beszel...

GHSA-M855-R557-5RC5 Dozzle Agent Label-Based Access Control Bypass Allows Unauthorized Container Shell Access

Summary A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters for example, label=env=dev to obtain an interactive root shell in out‑of‑scope containers for example, env=prod on the same agent host by directly targeting their container IDs. Note: Tested on v9.0....

DEBIAN-CVE-2014-5278

A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs...