Lucene search
K

12 matches found

OSV
OSV
added 2026/06/18 1:5 p.m.6 views

GHSA-R2XF-7JW5-PJG6 Docker MCP Gateway: Argument injection via OCI image label YAML

Summary A maliciously crafted OCI image label can inject arbitrary arguments into the docker run command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via docker://, or that the victim's catalog pulls a snapshot from, can mount the host...

8.7CVSS6.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50746

Name of the Vulnerable Software and Affected Versions Docker MCP Plugin affected versions not specified Description A flaw in the OCI image label parsing allows an attacker to inject arbitrary arguments into the docker run command line. This occurs because the io.docker.server.metadata label is...

8.7CVSS6.3AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/27 12:45 a.m.6 views

CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

7.8CVSS6.1AI score0.00257EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/30 9:51 p.m.7 views

Directory Traversal

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Directory Traversal via the TechdocsGenerator function when processing documentation from...

7CVSS6.5AI score0.00387EPSS
Exploits0References2
CVE
CVE
added 2026/01/30 9:51 p.m.20 views

CVE-2026-25152

The CVE-2026-25152 entry concerns the Backstage @backstage/plugin-techdocs-node, where versions before 1.13.11 and 1.14.1 allow path traversal via the TechDocs local generator when techdocs.generator.runIn is set to local. This permits reading arbitrary host files as MkDocs follows symlinks in do...

6.5CVSS6AI score0.00387EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/04/18 10:15 p.m.17 views

CVE-2024-32473

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...

6.5CVSS4.4AI score0.00353EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2023/10/10 2:20 p.m.2036 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

CVE-2023-44487 Basic vulnerability scanning to see if web serv...

7.5CVSS8.3AI score0.99999EPSS
Exploits19
Spring Security Advisories
Spring Security Advisories
added 2022/12/27 8:0 a.m.28 views

This Week in Spring - Happy New Year 2023 edition - December 27th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Its 27 December as I write this and - being honest - I couldnt be happier. Its raining outside. Im in a warm cozy office. Good music is playing. People are asleep in my home. I can hear the raindrops and wind outside the...

7.4AI score
Exploits0
GithubExploit
GithubExploit
added 2022/11/17 5:24 p.m.666 views

Exploit for Improper Input Validation in Imagemagick

Container Escape Exploit This is a container escape exploit t...

10CVSS8.3AI score0.97485EPSS
Exploits22
GithubExploit
GithubExploit
added 2022/01/26 4:27 p.m.333 views

Exploit for Integer Overflow or Wraparound in Linux Linux_Kernel

Container running cve-2022-0185 crash POC !seccomp or busth...

8.4CVSS7.1AI score0.25151EPSS
Exploits11
Kitploit
Kitploit
added 2020/02/18 8:16 p.m.93 views

CVE Api - Parse & filter the latest CVEs from cve.mitre.org

Parse & filter the latest CVEs from https://cve.mitre.org. Docs Usage http://localhost:4000/cve?target=KEYWORD The year parameter is optional. http://localhost:4000/cve?target=KEYWORD&year=YEAR Examples http://localhost:4000/cve?target=ruby%20on%20rails...

7.3AI score
Exploits0References5
Kitploit
Kitploit
added 2018/08/13 12:37 p.m.41 views

RouterSploit v3.3.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

7.6AI score
Exploits0References1
Rows per page
Query Builder