9278 matches found
CVE-2026-27002
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...
PT-2026-21364
BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instructions that leave a BBB server vulnerable for Denial of Service. The flawed command exposes both...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
Heavily influenced/copied/based on the format of a similar repo...
SUSE-SU-2026:20585-1 Security update for docker-stable
This update for docker-stable fixes the following issues: - Enable SELinux in default daemon.json config --selinux-enabled. This has no practical impact on non-SELinux systems bsc1252290. - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up...
OPENSUSE-SU-2026:20262-1 Security update for docker-stable
This update for docker-stable fixes the following issues: - Enable SELinux in default daemon.json config --selinux-enabled. This has no practical impact on non-SELinux systems bsc1252290. - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up...
CVE-2026-27002
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...
Smanga 安全漏洞
Smanga is a Docker-based comic streaming reading tool developed by lkw199711. Version 3.2.7 of Smanga has a security vulnerability, which stems from insecure permission verification in the check-power.php script. This vulnerability could allow unverified attackers to reset any user’s password and...
OpenClaw 安全漏洞
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a security vulnerability that stems from a Docker tool sandbox configuration injection issue that can be exploited by an attacker to cause container escape or host data access...
CVE-2026-27002
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...
CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...
CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...
CVE-2026-27002 OpenClaw: Docker container escape via unvalidated bind mount config injection
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options bind mounts, host networking, unconfined profiles to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 block...
CVE-2026-27002
OpenClaw CVE-2026-27002 describes a configuration injection issue in the Docker tool sandbox that could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. Affected software: OpenClaw prior to version 202...
Use of Weak Hash
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of Weak Hash due to the use of SHA-1 in the process that generates sandbox identifier cache keys for Docker or browser sandbox configuration. An attacker can cause one configuration t...
GHSA-FJF4-6F34-W64Q Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
Improper Authorization
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Authorization in the /protocol/docker-v2/auth endpoint, which does not ensure that the client is in...
CVE-2026-2733
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
CVE-2026-2733 Org.keycloak/keycloak-services: keycloak: missing check on disabled client for docker registry protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
CVE-2026-2733 Org.keycloak/keycloak-services: keycloak: missing check on disabled client for docker registry protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...