94 matches found
CVE-2026-58053 Gitea act_runner - Container Hardening Bypass via Workflow Container Options
Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...
EUVD-2026-39973
Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...
CVE-2026-54636
CVE-2026-54636 concerns Dokku’s cron plugin, which prior to 0.38.7 used commands from app.json to manage system cron for the Dokku user. A cron entry containing shell metacharacters (e.g., >, ;) can escape the container and run commands on the host as the Dokku user, enabling OS command inject...
CVE-2026-54319 Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A...
CVE-2026-54319 Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume reference volumeId, which may also be a volume name was forwarded to the runner and used to build the host bind-mount source path without confinement. A...
CVE-2026-54319
CVE-2026-54319 (Daytona) describes a path traversal flaw in the sandbox volume binding logic prior to 0.186. A sandbox volume reference (volumeId) could be forwarded to the runner to build the host bind-mount source path without confinement, allowing traversal sequences that could resolve the mou...
EUVD-2024-55624
api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions...
EulerOS Virtualization 2.13.0 : systemd (EulerOS-SA-2026-2419)
According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config...
USN-8402-1: systemd vulnerabilities
It was discovered that systemd-nspawn incorrectly handled certain optional configuration files. A local attacker could possibly use this issue to escape to the host system and execute arbitrary code. CVE-2026-40226 It was discovered that systemd-resolved incorrectly validated DNSSEC records for...
USN-8402-1 systemd vulnerabilities
It was discovered that systemd-nspawn incorrectly handled certain optional configuration files. A local attacker could possibly use this issue to escape to the host system and execute arbitrary code. CVE-2026-40226 It was discovered that systemd-resolved incorrectly validated DNSSEC records for...
CVE-2026-24118 VM2 Sandbox Breakout Through __lookupGetter__
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0...
SUSE CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
DEBIAN-CVE-2026-40226
In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...
systemd 安全漏洞
Systemd is a Linux-based system and service manager developed by Lennart Poettering of Germany. This product is compatible with SysV and LSB startup scripts, and it provides a framework for representing dependencies between system services. Prior to version 260, there was a security vulnerability...
NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node
Summary NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via...
EulerOS 2.0 SP10 : docker-runc (EulerOS-SA-2026-1306)
According to the versions of the docker-runc package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through...
k8s-container-escape-lkm
🛠️ Kernel Module Reverse Shell – Privileged Container Escape P...
Thinking Outside The Box [dusted off draft from 2017]
Posted by Jann Horn Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558, but I never got around to writing the second...
PT-2025-45350
Name of the Vulnerable Software and Affected Versions runc versions 1.2.0 through 1.2.7 runc versions 1.3.0-rc.1 through 1.3.1 runc versions 1.4.0-rc.1 through 1.4.0-rc.2 Description runc is a CLI tool for spawning and running containers according to the OCI specification. A race condition in the...
EUVD-2020-27254
Malware in sbrugna...