28 matches found

GithubExploit
added 6 days ago (51 views)

Exploit for CVE-2025-9074

CVE-2025-9074: Docker Engine API Unauthenticated RCE Seve...

CVSS 9.3, AI score 6.4, EPSS 0.01192
Exploits: 15

Positive Technologies
added 2026/05/26 12:0 a.m. (10 views)

PT-2026-43211

Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: 1. CVE-2025-43520 - 📝 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS...

CVSS 9.8, AI score 7.6, EPSS 0.56657
Exploits: 21, References: 3

Github Security Blog
added 2026/02/27 9:1 p.m. (4 views)

Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID

Summary The hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URLs using fmt.Sprintf with the raw value instead of...

CVSS 6.5, AI score 6.2, EPSS 0.00019
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2026/02/27 8:21 p.m. (3 views)

CVE-2026-27734

Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...

CVSS 6.5, EPSS 0.00019
Exploits: 1, References: 2

Exploit DB
added 2026/02/04 12:0 a.m. (137 views)

Docker Desktop 4.44.3 - Unauthenticated API Exposure

Exploit Title: Docker Desktop 4.44.3 - Unauthenticated API Exposure Date: 2025-10-06 Exploit Author: OilSeller2001 Vendor Homepage: https://www.docker.com/ Software Link: https://www.docker.com/products/docker-desktop/ Version: Affected on Windows and macOS versions prior to 4.44.3 Tested on:...

CVSS 9.3, AI score 5.6, EPSS 0.01192
Exploits: 15

GithubExploit
added 2025/12/09 11:46 a.m. (175 views)

Exploit for CVE-2025-9074

CVE-2025-9074: Docker Desktop Container Escape PoC !CVEhtt...

CVSS 9.3, AI score 7.1, EPSS 0.01192
Exploits: 15

GithubExploit
added 2025/10/06 11:42 a.m. (219 views)

Exploit for CVE-2025-9074

CVE-2025-9074 - Docker API Unauthenticated Access PoC 📌 Ov...

CVSS 9.3, AI score 7.2, EPSS 0.01192
Exploits: 15

EUVD
added 2025/10/03 8:7 p.m. (7 views)

EUVD-2025-25308

Malicious code in bioql PyPI...

CVSS 9.3, AI score 6.7, EPSS 0.01192
Exploits: 15, References: 8

Snyk
added 2025/09/23 12:32 a.m. (3 views)

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper permission checks in the import and export tasks. An attacker can gain unauthorized access to exported data by sending crafted requests to the REST APIs. Remediation Upgrade...

CVSS 5.4, AI score 7, EPSS 0.00056
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/29 12:0 a.m. (5 views)

Docker Desktop < 4.44.3 Container Escape

The version of Docker Desktop is prior to 4.44.3. It is therefore affected by a container escape vulnerability. The vulnerability allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with...

CVSS 9.3, AI score 6, EPSS 0.01192
Exploits: 15, References: 3

RedhatCVE
added 2025/08/22 2:32 p.m. (6 views)

CVE-2025-9074

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without th...

CVSS 9.3, AI score 7.3, EPSS 0.01192
Exploits: 15, References: 1

NVD
added 2025/08/20 2:15 p.m. (10 views)

CVE-2025-9074

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without th...

CVSS 9.3, EPSS 0.01192
Exploits: 15, References: 7

CVE
added 2025/08/20 1:28 p.m. (116 views)

CVE-2025-9074

CVE-2025-9074 : Docker Desktop exposes the Docker Engine API on the internal subnet (example: 192.168.65.7:2375) without authentication, enabling a container to create a privileged container that mounts host filesystem access. Public writeups and exploits in the connected literature demonstrate a...

CVSS 9.3, AI score 6.7, EPSS 0.01192
Exploits: 15, References: 7

Cvelist
added 2025/08/20 1:28 p.m. (12 views)

CVE-2025-9074 Docker Desktop allows unauthenticated access to Docker Engine API from containers

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without th...

CVSS 9.3, EPSS 0.01192
Exploits: 15, References: 1

CNNVD
added 2025/08/20 12:0 a.m. (5 views)

Docker Desktop Security Vulnerability

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

CVSS 9.3, AI score 6.9, EPSS 0.01192
Exploits: 15, References: 6

Positive Technologies
added 2025/08/20 12:0 a.m. (8 views)

PT-2025-34057

Name of the Vulnerable Software and Affected Versions Docker Desktop versions prior to 4.44.3 Description A flaw in the container isolation mechanism of Docker Desktop for Windows and macOS allows local Linux containers to gain unauthenticated access to the Docker Engine API via the configured...

CVSS 9.3, AI score 6.1, EPSS 0.01192
Exploits: 15, References: 164

OSV
added 2024/09/13 7:47 p.m. (22 views)

RHBA-2019:1570 Red Hat Bug Fix Advisory: ovirt-engine-api-explorer bug fix and enhancement update for RHV 4.3.4

Bulletin has no description...

CVSS 6.1, AI score 6.5, EPSS 0.09805
Exploits: 6, References: 21

OSV
added 2024/09/13 3:7 p.m. (12 views)

RHBA-2019:1076 Red Hat Bug Fix Advisory: ovirt-engine-api-explorer bug fix and enhancement update for RHV 4.3

Bulletin has no description...

CVSS 6.1, AI score 6.8, EPSS 0.09805
Exploits: 2, References: 15

The Hacker News
added 2023/11/14 11:54 a.m. (51 views)

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, buil...

AI score 7.9
Exploits: 0

HackRead
added 2023/11/13 1:27 p.m. (28 views)

OracleIV DDoS Botnet Malware Targets Docker Engine API Instances

By Waqas While OracleIV is not a supply chain attack, it highlights the ongoing threat of misconfigured Docker Engine API deployments. This is a post from HackRead.com Read the original post: OracleIV DDoS Botnet Malware Targets Docker Engine API Instances...

AI score 7.3
Exploits: 0