CVE-2026-45626 Arcane: OS Command Injection in Volume Browser ListDirectory via path query parameter

Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/id/volumes/volumeName/browse accepts a path query parameter that is passed to a shell command sh -c "find … | while …" inside an Arcane helper container. The path sanitis...

Astro 安全漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 10.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authentication when reading the x-astro-path header and the xastropath query parameters, which could lead...