CVE-2026-39848 Dockyard's Unauthenticated Cron Endpoint in Dockyard Enables Container Enumeration and Database Manipulation
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name= or...
CVE-2026-32817
CVE-2026-32817 (Admidio) is a high-severity vulnerability in versions 5.0.0–5.0.6 where the documents/files module does not enforce proper authorization or CSRF checks on folder_delete/file_delete. The handlers read UUIDs from GET parameters and perform only a VIEW check before deletion, allowing...