SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2026:2042-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2042-1 advisory. This update for container-suseconnect rebuilds it against the current go security release. Tenable has extracted the preceding description...

Falco 0.44.0

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...

USN-8305-1: Linux kernel (Intel IoTG Real-time) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

USN-8279-3: Linux kernel (NVIDIA Tegra IGX) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

USN-8289-2 linux-nvidia-6.8 vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

Critical: Red Hat Security Advisory: General availability of the satellite/iop-gateway-rhel9 container image

A new satellite/iop-gateway-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, and...

CVE-2026-9358

A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...

EUVD-2026-31571

A vulnerability was determined in postcss up to 7.1.1. Affected is the function toString of the file src/selectors/container.js of the component AST Serialization. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-9358

The CVE-2026-9358 vulnerability affects postcss up to 7.1.1, specifically the toString function in src/selectors/container.js of the AST Serialization component. A manipulated input can cause uncontrolled recursion, enabling a remote DoS. Public exploitation is indicated, with PoC-like details ci...

OSV-2026-803 Container-overflow in OpenBabel::MDLFormat::ReadV3000Block

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515663946 Crash type: Container-overflow READ 1 Crash state: OpenBabel::MDLFormat::ReadV3000Block OpenBabel::MDLFormat::ReadMolecule OpenBabel::OBConversion::Read...

PT-2026-45893

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515663946 Crash type: Container-overflow READ 1 Crash state: OpenBabel::MDLFormat::ReadV3000Block OpenBabel::MDLFormat::ReadMolecule OpenBabel::OBConversion::Read...

CVE-2026-5817

The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...

USN-8280-2 linux-azure, linux-azure-5.4, linux-azure-fips vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

CVE-2026-5817

CVE-2026-5817 affects the vllm-metal backend used by Docker Model Runner on macOS. The backend loads model tokenizers with trust_remote_code=True, causing transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files from models pulled from an OCI registry. This can en...

USN-8281-2: Linux kernel (Azure) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

CVE-2026-6406

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

CVE-2026-6406 Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

CVE-2026-6406 Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

EUVD-2026-31484

The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation ECI restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...

CVE-2026-6406

CVE-2026-6406 describes a local privilege-escalation in Docker Desktop via Enhanced Container Isolation (ECI). When ECI is enabled, container-originated Docker socket mounts are denied unless explicitly allowed; however, the Docker CLI flag --use-api-socket mounts the Docker socket using HostConf...