Important: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

MiracleLinux 7 : docker-1.13.1-206.git7d71120.0.1.el7.AXS7 (AXSA:2021-1764:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1764:03 advisory. runc: vulnerable to symlink exchange attack CVE-2021-30465 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 7 : docker-1.13.1-162.git64e9980.0.1.el7.AXS7 (AXSA:2020-208:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-208:04 advisory. docker: Ambient capability usage in containers CVE-2016-8867 docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc...

Exploit for SQL Injection in Phpgurukul Job_Portal

CVE-2024-8465 – SQL Injection Proof of Concept Team Inform...

CVE-2026-23846

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of the HTTP request body. This causes passwords to be logged in server access logs and potentially...

PT-2026-3491

Name of the Vulnerable Software and Affected Versions Tugtainer versions prior to 1.16.1 Description Tugtainer is a self-hosted application designed for automating updates of Docker containers. Prior to version 1.16.1, the password authentication process transmits passwords through URL query...

openSUSE 16 Security Update : docker (openSUSE-SU-2026:20057-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20057-1 advisory. Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Updat...

Arcane Access Control Vulnerability

Arcane is an open-source Docker management software developed by Arcane. Versions of Arcane prior to 1.13.2 contained a access control vulnerability. This vulnerability stemmed from the environmental proxy middleware processing requests to remote environments before enforcing authentication. As a...

Security update for docker (critical)

openSUSE security update: security update for docker ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20057-1 Rating: critical References: bsc1247367 bsc1247594 bsc1248373 bsc1250508 Cross-References: CVE-2025-54388 CVSS scores: CVE-2025-54388 SUSE :...

SUSE-SU-2026:20112-1 Security update for docker

This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Update to docker-buildx v0.29.0. Upstream changelog: - Remove git-core recommends on SLE. Most SLE...

SUSE-SU-2026:20095-1 Security update for docker

This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Update to docker-buildx v0.29.0. Upstream changelog: - Remove git-core recommends on SLE. Most SLE...

OPENSUSE-SU-2026:20057-1 Security update for docker

This update for docker fixes the following issues: Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Update to docker-buildx v0.29.0. Upstream changelog: - Remove git-core recommends on SLE. Most SLE...

EUVD-2026-2914

Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter...

GHSA-5882-5RX9-XGXP Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...

Crawl4AI is Vulnerable to Remote Code Execution in Docker API via Hooks Parameter

A critical remote code execution vulnerability exists in the Crawl4AI Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing attackers to import arbitrary modules an...

Directory Traversal

Overview Crawl4AI is a 🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Directory Traversal via the Docker API endpoints that accept file:// URLs. An attacker can access sensitive files on the server filesystem by submitting crafted...

EUVD-2026-2915

Crawl4AI Has Local File Inclusion in Docker API via file:// URLs...

GHSA-VX9W-5CX4-9796 Crawl4AI Has Local File Inclusion in Docker API via file:// URLs

A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...

Crawl4AI Has Local File Inclusion in Docker API via file:// URLs

A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...

PT-2026-7856

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.0 Description Crawl4AI is affected by a local file inclusion issue in its Docker API deployment. The /execute js, /screenshot, /pdf, and /html API endpoints accept file:// URLs, which allows unauthenticated remot...