Lucene search
K

13883 matches found

EUVD
EUVD
added 2026/06/28 1:32 a.m.8 views

EUVD-2026-39973

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/28 1:10 a.m.9 views

[SECURITY] Fedora 43 Update: moby-engine-29.6.0-1.fc43

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...

9.1CVSS6.3AI score0.00533EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-28385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with t...

5CVSS6AI score0.0017EPSS
Exploits1References2
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.9 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: containerd, nfpm, kaf, pulumi-language-yaml, dagger, skaffold, flux-image-automation-controller, glab, witness, docker, gatus, external-dns, argo-events, openbao, falcoctl, act, slsa-verifier, crossplane-provider-azure-storage, neuvector-sigstore-interface, tkn,...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/26 7:20 p.m.2 views

GHSA-CR2J-534F-MF3G Apptainer has incorrect path matching for 'limit container paths' directive

Impact The limit container paths directive in apptainer.conf is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For example,...

4.8CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/26 6:46 p.m.3 views

GHSA-VXP5-584Q-C479 Incus has arbitrary file read+write on host via templates/ symlink in malicious image

Summary A specially crafted image or instance backup can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. Details For container images, internal/server/storage/utils.go calls archive.UnpackimageFile, destPath, .... The tar extraction pa...

9.9CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/06/26 6:31 p.m.3 views

GHSA-2Q3F-Q5PQ-G8WV Incus has an arbitrary file read+write on host via rootfs/ symlink in malicious image

Summary A specially crafted image can be used to read or create/write arbitrary files on the host; possibly leading to arbitrary command execution. Details Incus validates an image as soon as it sees a normal metadata.yaml and a rootfs/ entry, but full extraction can later process a duplicate...

9.9CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/06/26 5:16 p.m.3 views

DEBIAN-CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.0017EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 4:30 p.m.29 views

CVE-2026-55686

Summary of CVE-2026-55686 (Podman: WORKDIR symlink traversal) Affects Podman versions 3.0.0 through 5.7.0 where a container image run with a crafted WORKDIR path that contains a symlink can cause a host filesystem change: create a directory or modify ownership. Ownership modification is less like...

5.3CVSS5.8AI score0.00317EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 4:29 p.m.38 views

CVE-2026-57231 Podman: Malformed Image can trick podman run into leaking host environment variables into the container

Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that variable from the host into the container. This is made worse by the fact that using an asterisk wi...

7.5CVSS0.0026EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 4:23 p.m.35 views

CVE-2026-54636 Dokku: OS Command Injection via app.json managed Cron

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...

9CVSS0.00274EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 4:23 p.m.17 views

CVE-2026-54636

CVE-2026-54636 concerns Dokku’s cron plugin, which prior to 0.38.7 used commands from app.json to manage system cron for the Dokku user. A cron entry containing shell metacharacters (e.g., >, ;) can escape the container and run commands on the host as the Dokku user, enabling OS command inject...

9.9CVSS5.9AI score0.00274EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 4:16 p.m.3 views

DEBIAN-CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

7.2CVSS5.8AI score0.00342EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/26 3:39 p.m.6 views

CVE-2026-9639

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...

6.5CVSS5.7AI score0.00389EPSS
Exploits1
EUVD
EUVD
added 2026/06/26 3:32 p.m.8 views

EUVD-2026-39652

Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...

8CVSS5.9AI score0.00954EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/26 3:9 p.m.9 views

CVE-2026-41567

A flaw was found in Moby, the open-source container framework, and Docker Engine. A malicious container image can exploit this vulnerability to achieve arbitrary code execution with full daemon privileges, including host root access. This occurs when a user uploads a compressed archive to the...

7.5CVSS6.4AI score0.00153EPSS
Exploits0References4
Debian
Debian
added 2026/06/26 3:6 p.m.10 views

[SECURITY] [DSA 6370-1] incus security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6370-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 26, 2026 https://www.debian.org/security/faq -...

6.1AI score0.00025EPSS
Exploits0
NVD
NVD
added 2026/06/26 1:16 p.m.10 views

CVE-2026-40711

Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...

8CVSS0.00954EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/26 12:31 p.m.43 views

CVE-2026-40711

Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...

8CVSS0.00954EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:31 p.m.7 views

CVE-2026-40711

Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...

8CVSS5.9AI score0.00954EPSS
Exploits1References2
Rows per page
Query Builder