Lucene search

10 matches found

CVE
added 2026/04/07 4:48 p.m. | 7 views

CVE-2026-39308

Summary: CVE-2026-39308 affects PraisonAI’s recipe registry publish flow. Before version 1.5.113, the endpoint writes uploaded bundles to a filesystem path derived from manifest.json before validating that manifest name/version against the URL. A crafted manifest with directory traversal (../) c...

CVSS 7.1 | AI score 6.1 | EPSS 0.00095
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2025/09/16 12:00 a.m. | 2 views

Linkr Security Vulnerability

Linkr is a file transfer system by the individual developer Mohammad Zain. A security vulnerability exists in Linkr version 2.0.0 and earlier, which stems from failure to validate the integrity and authenticity of .linkr manifest files, and could lead to arbitrary file injection and remote code...

CVSS 9.6 | AI score 8 | EPSS 0.00222
Exploits: 1 | References: 3
PyPA
added 2025/05/16 9:15 a.m. | 7 views

PYSEC-2025-145

A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can...

CVSS 7.5 | AI score 7.1 | EPSS 0.00495
Exploits: 1 | References: 1 | Affected Software: 1
Qualys Blog
added 2021/12/17 6:14 p.m. | 21 views

Out-of-Band Detection for Log4Shell

Log4j is the de facto logging library for all Java applications, as Log4j is used in most Java-based applications. The challenge is that Java applications that use the log4j-vulnerable library can be coded, packaged, and deployed using different methods – this introduces a challenge for detection...

AI score 6.8
Exploits: 0
OpenVAS
added 2021/09/08 12:00 a.m. | 18 views

Docker < 1.8.3 Multiple Vulnerabilities

Docker is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5 | AI score 6.5 | EPSS 0.01596
Exploits: 0 | References: 1
OSV
added 2020/11/13 5:28 p.m. | 13 views

GHSA-Q76J-58CX-WP5V Vulnerability in RPKI manifest validation

A vulnerability in RPKI manifest validation exists when objects on the manifest are hidden, or expired objects are replayed. An attacker successfully exploiting this vulnerability could prevent new ROAs from being received or selectively hide ROAs, causing routes to become INVALID. To exploit thi...

CVSS 7.4 | AI score 7.4 | EPSS 0.0017
Exploits: 0 | References: 1
OSV
added 2019/12/17 6:15 p.m. | 3 views

DEBIAN-CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...

CVSS 7.5 | AI score 7.2 | EPSS 0.01596
Exploits: 0 | References: 1
Mageia
added 2016/02/05 5:26 p.m. | 47 views

Updated docker/golang packages fix security vulnerability

Manipulated layer IDs could have led to local graph poisoning (CVE-2014-8178). Manifest validation and parsing logic errors allowed pull-by-digest validation bypass (CVE-2014-8179). To fix these issues, the golang package has been updated to version 1.4.3 and the docker package has been updated to...

CVSS 7.5 | AI score 6.4 | EPSS 0.01596
Exploits: 0 | References: 4
OSV
added 2015/10/14 7:53 a.m. | 3 views

SUSE-SU-2015:1757-1 Security update for docker

docker was updated to version 1.8.3 to fix two security issues. These security issues were fixed:
- CVE-2014-8178: Manipulated layer IDs could have led to local graph poisoning (bsc949660).
- CVE-2014-8179: Manifest validation and parsing logic errors allowed pull-by-digest validation bypass...

CVSS 7.5 | AI score 6.4 | EPSS 0.01596
Exploits: 0 | References: 4
Oracle Linux
added 2015/10/14 12:00 a.m. | 36 views

docker-engine security update

1.8.3-1.0.1
- Enable configuration of Docker daemon via sysconfig (orabug 21804877)
- Add documentation files to binary RPM

1.8.3
- Fix layer IDs lead to local graph poisoning (CVE-2014-8178)
- Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
- Add...

CVSS 5 | AI score 3.8 | EPSS 0.01596
Exploits: 0