GHSA-6FJ5-M822-RQX8 vulnerabilities

Vulnerabilities for packages: rancher-machine, docker-machine-driver-harvester...

CVE-2021-21285 vulnerabilities

Vulnerabilities for packages: rancher-machine, docker-machine-driver-harvester...

CVE-2021-21284 vulnerabilities

Vulnerabilities for packages: rancher-machine, docker-machine-driver-harvester...

CVE-2020-27534 vulnerabilities

Vulnerabilities for packages: rancher-machine, docker-machine-driver-harvester...

PT-2026-1934

Name of the Vulnerable Software and Affected Versions LibreChat version 0.8.1-rc2 Description LibreChat, a ChatGPT clone with additional features, is susceptible to a server-side request forgery SSRF issue. This occurs because of missing restrictions within the Actions feature in its default...

Medium: docker

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Medium: docker

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: docker (UTSA-2026-000515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000515 advisory. Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, whic...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: docker (UTSA-2026-000514)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000514 advisory. Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In...

Exploit for OS Command Injection in Docker

🐳 ContainerBreaker - Docker Escape Exploit Simulator !Licen...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3 Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. CWE:CWE-639:...

Security Bulletin: Firewalld Reload Bypasses Localhost Port Restrictions in Moby (Docker Engine) Prior to 28.3.3, affects watsonx.data

Summary Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. In versions 28.2.0 through 28.3.2, when the firewalld service is reloaded it removes all iptables rules...

CVE-2025-64419

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

CVE-2025-64419 Coolify vulnerable to command injection via docker-compose.yaml parameters

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

EUVD-2025-206244

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming from docker-compose.yaml are not sanitized when used in commands. If a victim user creates an application from an attacker repository using build...

CVE-2025-64419

CVE-2025-64419 affects Coolify prior to 4.0.0-beta.445. The vulnerability arises from unsanitized docker-compose.yaml parameters used in commands, enabling a remote attacker to run commands as root on the Coolify instance if a victim creates an application from an attacker repository (build pack ...

CVE-2025-59156

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code Execution RCEvulnerability exists in Coolify's application deployment workflow. This flaw allows a low-privileged member to inject arbitrary Docker...

CVE-2025-59156

CVE-2025-59156 affects Coolify prior to version 4.0.0-beta.420.7, where a remote command injection flaw in the application deployment workflow allows a low-privileged user to inject arbitrary Docker Compose directives. By defining a malicious service that mounts the host filesystem, an attacker c...