CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

84 matches found

CVE-2026-44848

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

5.7AI score0.00039EPSS

Exploits1References2Affected Software1

EUVD•added 6 days ago•4 views

EUVD-2026-33064

9.4CVSS5.7AI score0.00039EPSS

Exploits1References1

Vulnrichment•added 6 days ago•6 views

CVE-2026-44848 Portainer: Missing authorization on Docker plugin endpoints allows host RCE

9.4CVSS5.7AI score0.00039EPSS

Exploits1References1

Cvelist•added 6 days ago•23 views

CVE-2026-44848 Portainer: Missing authorization on Docker plugin endpoints allows host RCE

9.4CVSS0.00039EPSS

Exploits1References1

CNNVD•added 6 days ago•4 views

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. Vulnerabilities exist in versions of Portainer Community Edition from 2.33.0 to 2.33.8, as well as in versions prior to 2.39.2 and 2.41.0. These vulnerabilitie...

9.4CVSS5.9AI score0.00039EPSS

Exploits1References2

Fedora•added 2026/05/23 4:1 p.m.•5 views

[SECURITY] Fedora 42 Update: docker-buildx-0.34.0-1.fc42

Docker CLI plugin for extended build capabilities with BuildKit...

5.5CVSS7.1AI score0.00009EPSS

Exploits0

Fedora•added 2026/05/23 12:58 a.m.•5 views

[SECURITY] Fedora 44 Update: docker-buildx-0.34.0-1.fc44

Docker CLI plugin for extended build capabilities with BuildKit...

5.5CVSS7.1AI score0.00009EPSS

Exploits0

Github Security Blog•added 2026/05/14 4:22 p.m.•4 views

Portainer missing authorization on Docker plugin endpoints, which allows host RCE

Summary Portainer enforces Role-Based Access Control RBAC on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers containers, images, services, volumes, etc. that apply authorization checks. The Docker plugin management endpoints /plugins/ were not...

9.4CVSS6AI score0.00039EPSS

Exploits1References5Affected Software1

Amazon•added 2026/05/14 12:0 a.m.•5 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00016EPSS

Exploits0

OSV•added 2026/05/03 9:55 a.m.•3 views

OESA-2026-2138 moby security update

Docker is a product for you to build, ship and run any application as a lightweight container. Security Fixes: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plug...

8.8CVSS7.1AI score0.00016EPSS

Exploits0References3

SUSE CVE•added 2026/04/06 11:24 p.m.•2 views

SUSE CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

8.1CVSS5.7AI score0.00016EPSS

Exploits0References4

Tenable Nessus•added 2026/04/03 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be...

8.1CVSS5.8AI score0.00016EPSS

Exploits0References3

RedhatCVE•added 2026/03/31 11:26 p.m.•0 views

CVE-2026-33997

A flaw was found in Moby, an open-source container framework. This vulnerability allows for a privilege validation bypass during docker plugin install. Due to an error in the daemon's privilege comparison logic, the system may incorrectly accept a plugin's requested privileges that differ from...

8.4CVSS5.8AI score0.00016EPSS

Exploits0References5

NVD•added 2026/03/31 3:15 a.m.•0 views

CVE-2026-33997

8.1CVSS0.00016EPSS

Exploits0References2

OSV•added 2026/03/31 3:15 a.m.•1 views

UBUNTU-CVE-2026-33997

8.1CVSS5.7AI score0.00016EPSS

Exploits0References4

ATTACKERKB•added 2026/03/31 1:36 a.m.•1 views

CVE-2026-33997

6.8CVSS5.7AI score0.00016EPSS

Exploits0References3Affected Software1

Debian CVE•added 2026/03/31 1:36 a.m.•1 views

CVE-2026-33997

8.1CVSS5.2AI score0.00016EPSS

Exploits0

OSV•added 2026/03/31 1:36 a.m.•0 views

CVE-2026-33997 Moby: Off-by-one error in plugin privilege validation

6.8CVSS5.7AI score0.00016EPSS

Exploits0References4

CVE•added 2026/03/31 1:36 a.m.•9 views

CVE-2026-33997

CVE-2026-33997 affects Moby (docker) prior to 29.3.1. A daemon privilege-validation check is flawed, potentially allowing a privilege set that differs from the user-approved one to be accepted during docker plugin installation. Plugins requesting exactly one privilege are also affected because th...

8.1CVSS5.7AI score0.00016EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2026/03/31 1:36 a.m.•1 views

CVE-2026-33997

8.1CVSS5.7AI score0.00016EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by