Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-097 (ALASNITRO-ENCLAVES-2026-097)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-097 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go...

Docker Desktop < 4.59.0 ECI Privilege Escalation (CVE-2026-6406)

The version of Docker Desktop installed on the remote host is prior to 4.59.0. It is, therefore, affected by a local privilege escalation vulnerability: - A flaw exists in the Enhanced Container Isolation ECI feature related to processing of Docker CLI arguments. The issue results from an exposed...

xsslab

Dalfox XSS Lab Stored XSS / second-order XSS laboratory for i...

Malicious code in nicegui (npm)

Malicious npm package published by threat actor "ryanmccollum1" typosquatting the popular Python NiceGUI framework. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

Malicious code in period-newline (npm)

Malicious npm package published by threat actor "ryanmccollum1" impersonating a benign text-formatting utility. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

MAL-2026-3180 Malicious code in nicegui (npm)

Malicious npm package published by threat actor "ryanmccollum1" typosquatting the popular Python NiceGUI framework. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

OpenKM 6.3.12 - Multiple

Exploit Title: OpenKM Multiple Critical Zero-Day Date: 17 Jan 2026 Exploit Author: Terra System Labs Pvt. Ltd. Vendor Homepage: https://www.openkm.com/ Software Link: https://hub.docker.com/r/openkm/openkm-ce Version: OpenKM Community Edition 6.3.12 and OpenKM Pro Edition 7.1.47 and previous...

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 — Demo Methodology ⚠️ Overview This demo s...

EUVD-2026-26043

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LDPRELOAD or httpproxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability...

CVE-2026-7309

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LDPRELOAD or httpproxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability...

CVE-2026-7309

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LDPRELOAD or httpproxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability...

CVE-2026-7309 Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LDPRELOAD or httpproxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability...

CVE-2026-7309 Openshift-controller-manager: openshift container platform: information disclosure via environment variable injection

A flaw was found in the OpenShift Container Platform build system. A user with the edit ClusterRole can inject arbitrary environment variables, such as LDPRELOAD or httpproxy, into docker-build containers through the buildconfigs/instantiate API. This incomplete fix for a previous vulnerability...

GHSA-5MH4-3RV3-FPCF Duplicate Advisory: OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cg7q-fg22-4g98. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to...

Duplicate Advisory: OpenClaw: Host exec environment sanitization misses package, registry, Docker, compiler, and TLS override variables

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cg7q-fg22-4g98. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to...

CVE-2026-41369

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system...

Red Hat OpenShift Container Platform 代码问题漏洞

Red Hat OpenShift Container Platform is a platform developed by Red Hat Inc., which helps enterprises develop, deploy, and manage existing container-based applications across physical, virtual, and public cloud infrastructures. There is a code vulnerability in Red Hat OpenShift Container Platform...

CVE-2026-41369 OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system...

unicas_docker_exploit

Cyber-Range Didattico in Docker / Educational Docker Cyber-Ran...

EUVD-2026-25770

A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The...