CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

CVE-2026-33744

CVE-2026-33744 affects BentoML versions prior to 1.4.37. The issue arises when the docker.system_packages field in bentofile.yaml is interpolated into Dockerfile RUN commands without sanitization, allowing arbitrary shell commands to execute during bentoml containerize or docker build. Impact is ...

CVE-2026-33744 BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

BentoML 代码注入漏洞

BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Prior to BentoML 1.4.37, there was a code injection vulnerability. This vulnerability stemmed from the docker.systemPackages...

Linux Distros Unpatched Vulnerability : CVE-2026-23924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of...

GO-2026-4705 SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets in github.com/siyuan-note/siyuan/kernel

SiYuan globalCopyFiles: incomplete sensitive path blocklist allows reading /proc and Docker secrets in github.com/siyuan-note/siyuan/kernel...

CVE-2025-10461

Global file reads caused by improper URL checks in webserver in Softing Industrial Automation GmbH smartLinks on docker filesystem modules allows file access. This issue affects smartLink SW-HT: through 1.42 smartLink SW-PN: through 1.03...

CVE-2023-27573

netbox-docker before 2.5.0 has a superuser account with default credentials admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSERAPITOKEN. In practice on the public Internet, almost all users changed the password but only about 90% changed the toke...

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...

CVE-2026-32038

OpenClaw before 2026.2.24 contains a sandbox network isolation bypass vulnerability that allows trusted operators to join another container's network namespace. Attackers can configure the docker.network parameter with container: values to reach services in target container namespaces and bypass...

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

Exploit for CVE-2024-36039

CVE-2024-36039: PyMySQL Object Injection to SQL Injection PoC...

SUSE-SU-2026:20871-1 Security update for docker-compose

This update for docker-compose fixes the following issue: - CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files bsc1252752...

Arbitrary Code Injection

Overview bentoml is a BentoML: Build Production-Grade AI Applications Affected versions of this package are vulnerable to Arbitrary Code Injection via the systempackages handling in the Dockerfile generation and image command paths. An attacker can execute arbitrary shell commands during bentoml...

BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml

Summary The docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since systempackages is semantically a list of OS package names data, users do not expect values to be interpreted as shell command...

CVE-2025-64437 vulnerabilities

Vulnerabilities for packages: docker-machine-driver-harvester...

CVE-2025-64433 vulnerabilities

Vulnerabilities for packages: docker-machine-driver-harvester...

GHSA-QW6Q-3PGR-5CWQ vulnerabilities

Vulnerabilities for packages: docker-machine-driver-harvester...

GHSA-46XP-26XH-HPQH vulnerabilities

Vulnerabilities for packages: docker-machine-driver-harvester...