9167 matches found
CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8
CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...
CVE-2025-11065 affecting package docker-buildx for versions less than 0.14.0-10
CVE-2025-11065 affecting package docker-buildx for versions less than 0.14.0-10. A patched version of the package is available...
CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2
CVE-2025-11065 affecting package docker-cli for versions less than 25.0.7-2. A patched version of the package is available...
rami-kali-MCP
Red Team MCP Server: MCP (Model Context Protocol) server that...
CVE-2026-30953
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create calls HtmlMeta::getFromUrl). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...
EUVD-2026-10874
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create calls HtmlMeta::getFromUrl). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...
EUVD-2026-10875
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create calls HtmlMeta::getFromUrl). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...
CVE-2026-30953
LinkAce is affected by CVE-2026-30953 due to missing validation for NoPrivateIpRule during link creation. The server fetches HTML metadata from user-provided URLs in LinkRepository::create() via HtmlMeta::getFromUrl(), and the NoPrivateIpRule is only applied in FetchController.php, not in the pri...
GO-2026-4610 Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli
Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli...
GO-2026-4571 Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID in github.com/henrygd/beszel
Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID in github.com/henrygd/beszel...
BIT-DOCKER-CLI-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a...
coral-server Security Vulnerability
Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of forced strong authentication during active sessions, allowing attacker...
coral-server Security Vulnerability
Coral-server is a Docker-based server operation and configuration management tool developed by CoralOS. Versions of coral-server prior to 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the /api/v1/sessions endpoint, which allowed the creation of proxy sessions without...
EulerOS 2.0 SP13 : docker-engine (EulerOS-SA-2026-1230)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and...
PT-2026-24602
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victi...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2026-1230)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2026-1266)
The remote host is missing an update for the Huawei EulerOS...
CVE-2026-29186
A flaw was found in Backstage. The backstage/plugin-techdocs-node package uses an allowlist to filter dangerous MkDocs configuration keys during the documentation build process. A gap in this allowlist allows attackers to craft an mkdocs.yml file that causes arbitrary Python code execution...
CVE-2026-30247
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery (SSRF) through HTTP redirects. While the backend implements comprehensive UR...
SUSE: Security Advisory (SUSE-SU-2026:20585-1)
The remote host is missing an update for the...