9116 matches found
Plone Docker - Host Header Injection
Plone Docker Official Image 5.2.13 5221 is vulnerable to Host Header Injection due to improper validation of input by the HOST headers. This can lead to Cross-Site Scripting XSS attacks when the malicious Host header value is reflected in the response. id: CVE-2024-23055 info: name: Plone Docker ...
H3C SSL VPN <=2022-07-10 - Cross-Site Scripting
H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...
CVE-2026-42306
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...
CVE-2026-41568
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
EUVD-2026-36528
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...
CVE-2026-42306
CVE-2026-42306 affects Moby/Docker: a race condition during docker cp mount setup could redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Affected are Docker Engine prior to 29.5.1, Docker Daemon 28.5.2 and earlier, and Moby D...
CVE-2026-42306 Moby: Race condition in docker cp allows bind mount redirection to host path
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...
CVE-2026-42306 Moby: Race condition in docker cp allows bind mount redirection to host path
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...
CVE-2026-41568
CVE-2026-41568 describes a race condition in Moby/Docker Engine during docker cp mount setup. A malicious container could create empty files or directories at arbitrary absolute paths on the host filesystem. Affected versions include Docker Engine prior to 29.5.1, Docker Daemon prior to 28.5.2, a...
CVE-2026-41568 Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
EUVD-2026-36527
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
CVE-2026-41568 Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
CVE-2026-41568
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to create empty files or directories at arbitra...
Web-Attack-Detection-Lab
!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...
-Web-Attack-Detection-Lab
!Kali Linuxhttps://img.shields.io/badge/KaliLinux-557C94?sty...
Important: docker
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...
Important: docker
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...
PT-2026-49065
Summary Unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the...
Important: docker
Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...
CVE-2026-47172
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged build workflow completes. The build workflow runs on pull requests, and the deploy workflow checks ou...