9215 matches found
CVE-2025-14740
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...
CVE-2025-14740 Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...
EUVD-2025-206791
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...
CVE-2025-14740 Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities
Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...
CVE-2025-14740
Docker Desktop for Windows contains permission-assignment vulnerabilities in the installer for C:\ProgramData\DockerDesktop. The issue arises when the installer creates the directory without proper ownership verification, allowing a local attacker to exploit two scenarios: (1) Persistent Attack —...
CVE-2026-24763
OpenClaw formerly Clawdbot is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...
Docker Desktop 安全漏洞
Docker Desktop is a desktop software from the American company Docker, designed for lightweight application deployment using container technology. This product provides a desktop environment that allows creating containers lightweight virtual machines on Linux/Windows/Mac OS systems, as well as...
CVE-Factory: Scaling Expert-Level Agentic Tasks for Code Security Vulnerability
CVE-Factory is a Multi-Agent system for fully automated, end-to-end CVE reproduction. Given CVE records, the system automatically researches details, generates test cases, builds Docker environments, and validates that each vulnerability can be both exploited and patched. The pipeline transforms...
PT-2026-5881
Name of the Vulnerable Software and Affected Versions Docker Desktop for Windows affected versions not specified Description Docker Desktop for Windows has permission assignment issues in the installer’s handling of the C:ProgramDataDockerDesktop directory. The installer does not properly verify...
Docker Desktop 4.44.3 - Unauthenticated API Exposure
Exploit Title: Docker Desktop 4.44.3 - Unauthenticated API Exposure Date: 2025-10-06 Exploit Author: OilSeller2001 Vendor Homepage: https://www.docker.com/ Software Link: https://www.docker.com/products/docker-desktop/ Version: Affected on Windows and macOS versions prior to 4.44.3 Tested on:...
OpenClaw < 2026.1.29 Multiple Vulnerabilities
The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.1.29. It is, therefore, affected by multiple vulnerabilities: - A command injection vulnerability exists in OpenClaw's Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable...
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence AI assistant built into Docker Desktop and the Docker Command-Line Interface CLI, that could be exploited to execute code and exfiltrate sensitive data. The critical...
Mageia: Security Advisory (MGASA-2026-0030)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2026-1208)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2026-1220)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Command Injection
Overview clawdbot is a WhatsApp gateway CLI Baileys web with Pi RPC agent Affected versions of this package are vulnerable to Command Injection via unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user can execute arbitrary commands within the...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user can execute arbitrary commands within the container context ...
GHSA-MC68-Q9JW-2H3V OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
Summary A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...
CVE-2026-24763
OpenClaw formerly Clawdbot is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...
CVE-2026-24763 Authenticated Command Injection in OpenClaw Docker Execution via PATH Environment Variable
OpenClaw formerly Clawdbot is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...