464 matches found
Use Of Incorrectly-Resolved Name Or Reference
github.com/apptainer/apptainer is vulnerable to Use of Incorrectly-Resolved Name or Reference. The vulnerability is due to improper enforcement of the --security option, which allows an attacker to disable AppArmor or SELinux restrictions and bypass container security controls...
CVE-2026-23924
CVE-2026-23924 affects the Zabbix Agent 2 Docker plugin. The issue is improper sanitization of the docker.container_info parameters when forwarding to the Docker daemon, enabling an attacker capable of invoking Agent 2 to read arbitrary files from running Docker containers by injecting them via t...
Important: Red Hat Security Advisory: Release of containers for RHOSO 18.0.17 security update
Red Hat OpenStack Services on OpenShift RHOSO 18.0.17 containers are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2025-57849 Fuse: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, ca...
CVE-2025-8766
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...
OPENSUSE-SU-2026:20305-1 Security update for podman
This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman bsc1248988 - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read bsc1253993 - CVE-2025-47913: Fixed...
Astra Linux – Vulnerability in runc-app
Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2, and 1.4.0-rc.2, an attacker can trick runc into redirecting write operations to /proc to other procfs files by using a racing container with shared mounts. We have also verified th...
CVE-2026-27208
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...
CVE-2026-27208 api-gateway-deploy Affected by Exploitable Command Injection via Unprivileged Root Execution
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...
EUVD-2026-8464
bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a...
PT-2026-21750
Name of the Vulnerable Software and Affected Versions bleon-ethical/api-gateway-deploy version 1.0.0 Description The software is susceptible to an attack chain involving OS Command Injection and Privilege Escalation. Successful exploitation allows an attacker to execute arbitrary commands with ro...
cosign 信任管理问题漏洞
Cosign is a container signature, verification, and storage mechanism in the OCI registry of the United States. Versions of Cosign prior to 3.0.4 contained a trust management vulnerability. This vulnerability stemmed from issues with the certificate verification logic, potentially causing the...
CVE-2025-13491
IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path...
EUVD-2023-48031
EVE: SSH as Root Unlockable Without Triggering Measured Boot...
Command Injection
Overview clawdbot is a WhatsApp gateway CLI Baileys web with Pi RPC agent Affected versions of this package are vulnerable to Command Injection via unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user can execute arbitrary commands within the...
Container and Containerization archive extraction does not guard against escapes from extraction base directory.
The ArchiveReader.extractContents function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using...
CVE-2025-12985
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image...
CVE-2025-12985 License Service: Privilege escalation vulnerability
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image...
CVE-2026-22252 LibreChat MCP Stdio Remote Command Execution
LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fix...
LibreChat 授权问题漏洞
LibreChat is a free, highly customizable, unified AI conversation platform open-sourced by LibreChat, capable of aggregating and running large models from any vendor in a single interface. An authorization issue vulnerability exists in versions prior to LibreChat v0.8.2-rc2 that stems from the MC...