OESA-2026-2484 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

CVE-2026-42454

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

CVE-2026-42454

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

Termix 操作系统命令注入漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.1.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the Docker container management endpoint not properly cleaning or verifyin...

SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2026:0909-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0909-1 advisory. This update for container-suseconnect rebuilds it against the current go 1.25 security release. Tenable has extracted the preceding...

CVE-2026-30824

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generati...

CVE-2026-30824

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router /api/v1/nvidia-nim/ is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generati...

Flowise 访问控制错误漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise 3.0.13 contained an access control vulnerability. This vulnerability stemmed from the inclusion of NVIDIA NIM routers in the global authentication middleware whitelist,...

CVE-2026-23953 Incus container environment configuration newline injection

Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration e.g a member of the ‘incus’ group can create an environment variable containing newlines, which can be used to add additional...

Exploit for CVE-2025-9074

CVE-2025-9074 Docker Container Command Execution Tool A power...

Exploit for CVE-2025-9074

CVE-2025-9074 Docker Container Command Execution Tool A power...

[SECURITY] Fedora 42 Update: podman-5.7.0-1.fc42

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

[SECURITY] Fedora 43 Update: kubernetes1.33-1.33.6-1.fc43

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

[SECURITY] Fedora 41 Update: kubernetes1.32-1.32.10-2.fc41

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

[SECURITY] Fedora 43 Update: kubernetes1.32-1.32.10-2.fc43

Production-Grade Container Scheduling and Management. Installs kubelet, the kubernetes agent on each machine in a cluster. The kubernetes-client sub-package, containing kubectl, is recommended but not strictly required. The kubernetes-client sub-package should be installed on control plane machin...

[SECURITY] Fedora 43 Update: runc-1.3.3-1.fc43

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

[SECURITY] Fedora 43 Update: runc-1.3.2-1.fc43

The runc command can be used to start containers which are packaged in accordance with the Open Container Initiative's specifications, and to manage containers running under runc...

EUVD-2020-18852

Malware in sbrugna...

RLSA-2025:9144 Moderate: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http...

EUVD-2025-18631

Malicious code in bioql PyPI...