17 matches found

RedhatCVE
added 2 days ago | 5 views

CVE-2026-45626

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

CVSS 6.3 | AI score 6 | EPSS 0.00103
Exploits: 0 | References: 1

RedhatCVE
added 3 days ago | 4 views

CVE-2026-45625

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

CVSS 9.9 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 1

EUVD
added 6 days ago | 9 views

EUVD-2026-33372

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

CVSS 6.3 | AI score 6 | EPSS 0.00103
Exploits: 0 | References: 1

EUVD
added 6 days ago | 6 views

EUVD-2026-33371

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query parameter into the body of an SVG document via strings.ReplaceAll with no escaping. The substitution...

CVSS 8.2 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 1

CNNVD
added 6 days ago | 4 views

arcane security vulnerability

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.19.0 contained security vulnerabilities. These vulnerabilities stemmed from multiple endpoints in the Huma-based REST API that did not call the checkAdmin helper function. Additionally, the...

CVSS 9.9 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 2

CNNVD
added 2026/05/28 12:0 a.m. | 5 views

Portainer security vulnerability

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. Vulnerabilities existed in versions of Portainer from 2.33.0 to 2.33.8, as well as in version 2.39.1, due to an issue with authorization verification in custom...

CVSS 6.5 | AI score 5.8 | EPSS 0.00032
Exploits: 1 | References: 1

CNNVD
added 2026/05/09 12:0 a.m. | 3 views

arcane security vulnerability

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from four GET endpoints under /api/templates, which did not have security requirements set up. This could allow any...

CVSS 8.7 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/08 10:56 p.m. | 3 views

CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

CVSS 9.9 | AI score 6 | EPSS 0.00083
Exploits: 0 | References: 2

Positive Technologies
added 2026/04/10 12:0 a.m. | 4 views

PT-2026-32043

Name of the Vulnerable Software and Affected Versions: Arcane versions prior to 1.17.3. Description: Arcane is an interface for managing Docker containers, images, networks, and volumes. The /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-side HTTP GET...

CVSS 7.2 | AI score 5.8 | EPSS 0.01262
Exploits: 1 | References: 10

CNNVD
added 2026/01/19 12:0 a.m. | 1 views

Arcane Access Control Vulnerability

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.13.2 contained an access control vulnerability. This vulnerability stemmed from the environmental proxy middleware processing requests to remote environments before enforcing authentication. As a...

CVSS 9.8 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 5

NVD
added 2026/01/15 8:16 p.m. | 3 views

CVE-2026-23520

Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed defining a command to r...

CVSS 9 | EPSS 0.00042
Exploits: 6 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-1240

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7.1 | EPSS 0.00032
Exploits: 1 | References: 8

RedhatCVE
added 2025/04/17 8:14 p.m. | 14 views

CVE-2025-30206

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

CVSS 9.8 | AI score 7.2 | EPSS 0.00058
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/15 7:14 p.m. | 11 views

CVE-2025-30206 Dpanel's hard-coded JWT secret leads to remote code execution

Dpanel is a Docker visualization panel system which provides complete Docker management functions. The Dpanel service contains a hardcoded JWT secret in its default configuration, allowing attackers to generate valid JWT tokens and compromise the host machine. This security flaw allows attackers ...

CVSS 9.8 | AI score 7.5 | EPSS 0.00058
Exploits: 0 | References: 1

CVE
added 2025/04/15 7:14 p.m. | 66 views

CVE-2025-30206

Dpanel uses a hard-coded JWT secret in its default configuration, enabling attackers to forge valid tokens and bypass authentication, potentially gaining full control of the host. The GO-2025-3612 entry cites remote code execution as the outcome of this flaw in github.com/donknap/dpanel. The advi...

CVSS 9.8 | AI score 9.7 | EPSS 0.00058
Exploits: 0 | References: 1

CNNVD
added 2024/04/10 12:0 a.m. | 1 views

Portainer security vulnerability

Portainer is a lightweight user management interface for managing Docker environments and Docker hosts. A security vulnerability exists in Portainer CE version 2.19.4 that stems from the presence of a user enumeration vulnerability that could allow an unauthenticated remote user to determine if a...

CVSS 5.3 | AI score 6.7 | EPSS 0.1294
Exploits: 2 | References: 3

Kitploit
added 2020/03/17 8:30 p.m. | 89 views

Lazydocker - The Lazier Way To Manage Everything Docker

A simple terminal UI for both docker and docker-compose, written in Go with the gocui library. Minor rant incoming: Something's not working? Maybe a service is down. docker-compose ps. Yep, it's that microservice that's still buggy. No issue, I'll just restart it: docker-compose restart. Okay now...

AI score 6.9
Exploits: 0 | References: 9