153 matches found
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: buildah, guac, scorecard, trivy, trivy-operator-fips, docker-cli-buildx-fips, docker-fips, trivy-fips, docker-compose-fips, cloudbeat, kubescape, cloudbeat-fips, livekit-cli, conftest, kubescape-server-fips, skaffold-fips, docker-compose, kubescape-server,...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: buildah, guac, scorecard, trivy, trivy-operator-fips, docker-cli-buildx-fips, docker-fips, trivy-fips, docker-compose-fips, cloudbeat, kubescape, cloudbeat-fips, livekit-cli, conftest, kubescape-server-fips, skaffold-fips, docker-compose, kubescape-server,...
CVE-2026-33748 vulnerabilities
Vulnerabilities for packages: buildah, guac, scorecard, trivy, trivy-operator-fips, docker-cli-buildx-fips, docker-fips, trivy-fips, docker-compose-fips, cloudbeat, kubescape, cloudbeat-fips, livekit-cli, conftest, kubescape-server-fips, skaffold-fips, docker-compose, kubescape-server,...
CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2
CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2. A patched version of the package is available...
GO-2026-4610 Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli
Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli...
BIT-DOCKER-CLI-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...
CVE-2025-15558
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...
Uncontrolled Search Path Element
Overview: Affected versions of this package are vulnerable to Uncontrolled Search Path Element in the legacy system-wide cli-plugin path. An attacker can gain elevated privileges by placing a crafted binary in the C:\ProgramData\Docker\cli-plugins directory that is searched by the application when...
Docker CLI Security Vulnerability
Docker CLI is a command-line management tool for containerized applications, open-sourced by Docker. Versions of Docker CLI prior to 29.1.5 contain security vulnerabilities. These vulnerabilities stem from an insecure search path for plugin binary files on Windows, which could allow low-privilege...
PT-2026-22939
Name of the Vulnerable Software and Affected Versions: Docker CLI versions through 29.1.5; Docker Compose versions 2.31.0 through 5.0.0. Description: The Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. An attacker with...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: terraform-provider-pagerduty, q, gitea, zarf, cerbos, gitaly, flux-source-controller, crossplane-provider-aws-cloudwatchlogs, extism, rancher-fleet, grafana, k9s, pulumi-language-dotnet, flux-kustomize-controller, crossplane-provider-azure-sql, nuclei, pulumi,...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: terraform-provider-pagerduty, q, gitea, zarf, cerbos, gitaly, flux-source-controller, crossplane-provider-aws-cloudwatchlogs, extism, rancher-fleet, grafana, k9s, pulumi-language-dotnet, flux-kustomize-controller, crossplane-provider-azure-sql, nuclei, pulumi,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: chainctl, aactl, flux-image-automation-controller, kubevela, pulumi, terraform-provider-pagerduty, grafana-alloy-fips, lazygit, crossplane-provider-keycloak-fips, crossplane-provider-family-aws-fips, gitaly-fips, gptscript, syft-fips, crossplane-provider-aws-sns, apk...
AZL-75413 CVE-2025-11065 affecting package docker-cli 25.0.7-1
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
[SECURITY] Fedora 41 Update: docker-buildx-0.30.1-1.fc41
Docker CLI plugin for extended build capabilities with BuildKit...
[SECURITY] Fedora 42 Update: docker-buildx-0.30.1-1.fc42
Docker CLI plugin for extended build capabilities with BuildKit...
[SECURITY] Fedora 43 Update: docker-buildx-0.30.1-1.fc43
Docker CLI plugin for extended build capabilities with BuildKit...
[SECURITY] Fedora 41 Update: docker-buildx-0.29.1-1.fc41
Docker CLI plugin for extended build capabilities with BuildKit...
EUVD-2021-2512
Malware in sbrugna...
EUVD-2023-24414
Malicious code in bioql PyPI...