Searching CVE for "docker"
This vulnerability exposes memcached session storage without authentication in WWBN AVideo's Docker configuration, allowing attackers to hijack sessions, impersonate administrators, or destroy all use...
OpenClaw versions before 2026.2.15 use deprecated SHA-1 hashing for sandbox identifier cache keys, making them vulnerable to collision attacks. Attackers can poison the cache to cause one sandbox conf...
This vulnerability allows any authenticated non-admin user in WireGuard Portal to elevate their privileges to full administrator by sending a crafted PUT request to their user profile endpoint. All us...
This vulnerability allows attackers to execute arbitrary operating system commands with root privileges within the container running bleon-ethical/api-gateway-deploy version 1.0.0. Attackers can poten...
An out-of-bounds read vulnerability in the grpcfuse kernel module in Docker Desktop's Linux VM allows local attackers to write to /proc/docker entries, potentially leading to information disclosure or...
OpenClaw's Docker sandbox configuration injection vulnerability allows attackers to escape container isolation and access the host system. This affects OpenClaw personal AI assistant deployments using...
A command injection vulnerability in aquasecurity/trivy-action GitHub Action versions 0.31.0-0.33.1 allows attackers to execute arbitrary commands on GitHub Actions runners. This occurs when user-cont...
Crawl4AI versions before 0.8.0 contain an unauthenticated remote code execution vulnerability in the Docker API deployment. Attackers can send malicious Python code via the /crawl endpoint's hooks par...
OpenFGA versions 1.8.5 to 1.11.2 have an improper policy enforcement vulnerability that can allow unauthorized access when specific authorization models and tuple configurations exist. The vulnerabili...
Docker Desktop for Windows installer has permission assignment vulnerabilities allowing low-privileged attackers to gain code execution. Attackers can pre-create or race-condition the C:\ProgramData\D...
OpenClaw (formerly Clawdbot) versions prior to 2026.1.29 contain a command injection vulnerability in the Docker sandbox execution mechanism. Authenticated users who can control environment variables ...
A path traversal vulnerability in Backstage's TechDocs local generator allows attackers to read arbitrary files from the host filesystem when processing documentation from untrusted sources. This affe...
This vulnerability allows attackers to execute arbitrary Python code on TechDocs build servers when configured with 'runIn: local'. Malicious actors who can modify a repository's mkdocs.yml file can e...
This CVE describes a command injection vulnerability in nvm (Node Version Manager) where the NVM_AUTH_HEADER environment variable is not properly sanitized when used in wget commands. Attackers who ca...
CVE-2026-25116 is an unauthenticated path traversal vulnerability in Runtipi homeserver orchestrator that allows remote attackers to overwrite the docker-compose.yml configuration file. This leads to ...
malcontent versions 0.10.0 through 1.20.2 expose Docker registry credentials when scanning malicious OCI images. Attackers can redirect authentication requests to steal credentials via crafted WWW-Aut...
CVE-2026-24841 is a critical command injection vulnerability in Dokploy, a self-hosted PaaS, allowing authenticated attackers to execute arbitrary commands on the host server via unsanitized parameter...
This vulnerability in Dozzle allows users restricted by label filters to bypass container isolation and obtain interactive root shells in out-of-scope containers on the same agent host. Attackers can ...
CVE-2026-24129 is a command injection vulnerability in Runtipi that allows authenticated users to execute arbitrary system commands on the host server. Attackers can inject shell metacharacters into b...
CVE-2026-23944 is an authentication bypass vulnerability in Arcane Docker management interface that allows unauthenticated attackers to proxy requests to remote environment agents. This enables unauth...
CVE-2026-23846 is a sensitive information exposure vulnerability in Tugtainer where passwords are transmitted via URL query parameters instead of secure HTTP request bodies. This exposes passwords in ...
CVE-2026-23520 is a command injection vulnerability in Arcane's docker management platform that allows authenticated users to execute arbitrary shell commands on the host system. The vulnerability occ...
CVE-2025-69426 allows attackers to exploit hardcoded SSH credentials in Ruckus vRIoT IoT Controller firmware to gain root access through Docker container escape. Organizations using affected vRIoT Con...
LibreChat version 0.8.1-rc2 has a server-side request forgery (SSRF) vulnerability in its Actions feature that allows attackers to make unauthorized requests to internal services. This affects all use...
Spinnaker versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery (SSRF) that allows attackers to fetch data from remote URLs and inject it into pipelines. Thi...
This vulnerability allows remote command execution as root on Coolify instances when users create applications from malicious repositories using the docker compose build pack. Attackers can exploit un...
This vulnerability allows low-privileged users in Coolify to inject malicious Docker Compose directives during project creation or updates. By mounting the host filesystem through a crafted service, a...
A null pointer dereference vulnerability in the Linux kernel's overlay filesystem code could cause kernel crashes or potential privilege escalation. This affects Linux systems using the overlay filesy...
CVE-2025-69201 is a command injection vulnerability in Tugtainer's agent API that allows attackers to inject arbitrary arguments into docker container update commands. This affects all self-hosted Tug...
IBM Concert versions 1.0.0 through 2.1.0 store sensitive information in cleartext during recursive Docker builds, allowing local users to access credentials or other secrets. This affects organization...
CVE-2025-56157 exposes Dify installations to unauthorized database access through hardcoded PostgreSQL credentials in docker-compose.yaml. Attackers can gain full control over the PostgreSQL database ...
This is a critical command injection vulnerability in Shiguangwu sgwbox N3 version 2.0.25 that allows remote attackers to execute arbitrary commands on affected systems. The vulnerability exists in th...
This vulnerability in MartialBE one-hub involves the use of a hard-coded cryptographic key for session secrets in the docker-compose.yml file. Attackers could potentially decrypt or forge session data...
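The entries for Dify (hardcoded PostgreSQL credentials in docker-compose.yaml) and MartialBE one-hub (a hard-coded session secret in docker-compose.yml) are both the same anti-pattern: a deploy-time secret committed as a literal in the compose file. The scanner below is an added example, not code from either project or from any CVE advisory. It is a deliberately line-oriented heuristic (no YAML library needed) that walks `environment:` blocks in a compose file, flags sensitive-looking keys whose value is a literal rather than a `${VAR}` interpolation, and also catches credentials embedded in connection URLs. The compose text is constructed for the example; the key-name pattern and the `${VAR}` convention are the assumptions it encodes.

```python
import re

# Constructed sample compose file for this example (not any project's real file).
COMPOSE_TEXT = """\
services:
  api:
    image: example/api:1.0
    environment:
      - DATABASE_URL=postgres://app:s3cr3t@db:5432/app
      - SESSION_SECRET=change-me-please
      - LOG_LEVEL=debug
  db:
    image: postgres:16
    environment:
      POSTGRES_PASSWORD: postgres
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_DB: app
    secrets:
      - db_password
secrets:
  db_password:
    file: ./db_password.txt
"""

# Assumption: these substrings mark a variable whose value must never be a literal.
SENSITIVE_KEY = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_KEY)", re.I)
# "- KEY=value" (list form) and "KEY: value" (map form) inside an environment block.
LIST_ITEM = re.compile(r"^\s*-\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
MAP_ITEM = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*):\s*(.*)$")
# ${VAR} or $VAR: value is injected from the environment at deploy time.
INTERPOLATED = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*")
# scheme://user:password@host  -> capture the password part.
URL_CRED = re.compile(r"://[^/\s:@]+:([^@\s]+)@")


def _is_literal_secret(value):
    """True if the value is non-empty and not a ${VAR} interpolation."""
    v = value.strip().strip("'\"")
    if not v:
        return False
    return INTERPOLATED.match(v) is None


def scan_compose(text):
    """Return [(line_number, key, reason)] for every hardcoded secret found."""
    findings = []
    in_env, env_indent = False, 0
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if not stripped or stripped.startswith("#"):
            continue
        if stripped.startswith("environment:"):
            in_env, env_indent = True, indent
            continue
        if in_env and indent <= env_indent:
            in_env = False  # dedented past the environment block
        if not in_env:
            continue
        m = LIST_ITEM.match(line) or MAP_ITEM.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if SENSITIVE_KEY.search(key) and _is_literal_secret(value):
            findings.append((lineno, key, "literal secret in environment"))
            continue
        url = URL_CRED.search(value)
        if url and _is_literal_secret(url.group(1)):
            findings.append((lineno, key, "credential embedded in URL"))
    return findings


if __name__ == "__main__":
    for lineno, key, reason in scan_compose(COMPOSE_TEXT):
        print(f"line {lineno}: {key}: {reason}")
```

Against the sample it reports `DATABASE_URL` (password inside the URL), `SESSION_SECRET` and `POSTGRES_PASSWORD`, and stays quiet on `POSTGRES_USER: ${POSTGRES_USER}`, which is the shape every secret should have: the compose file names the variable, a `.env` file or the orchestrator's secret store supplies the value. The `db` service's `secrets:` block shows the compose-native alternative for file-based secrets.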
Docker Desktop diagnostics bundles inadvertently include expired Personal Access Tokens (PATs) in log output due to error object serialization issues. This vulnerability allows sensitive credential le...
This vulnerability in cpp-httplib allows attackers to spoof client IP addresses by sending malicious X-Forwarded-For or X-Real-IP headers. This can poison server logs, evade audit trails, and potentia...
This vulnerability in cpp-httplib allows attackers to inject HTTP headers (REMOTE_ADDR, REMOTE_PORT, LOCAL_ADDR, LOCAL_PORT) that shadow server-generated metadata. This enables IP spoofing, log poison...
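Both cpp-httplib entries above, and the AATF Website XSS further down this list, come from the same root cause: treating client-supplied headers (`X-Forwarded-For`, `X-Real-IP`, or headers that shadow `REMOTE_ADDR`) as server-generated facts. The helper below is an added example, not code from cpp-httplib or any listed project. It resolves the client address the way a reverse-proxy-aware server should: the TCP peer is trusted only if it is one of our own proxies, the `X-Forwarded-For` chain is walked from the right, and the first hop that is not a trusted proxy is the client. Anything further left was written by the client and is ignored; any element that is not a bare IP aborts resolution, so log lines only ever contain a parsed address, never raw header text. The trusted-proxy ranges and all addresses are constructed for the example.

```python
import ipaddress

# Assumption for this example: the address ranges of the reverse proxies we operate.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "fd00::/8")]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def _parse_hop(text):
    """One X-Forwarded-For element as an IP address, or None if it is not a bare IP
    (port suffixes, brackets, markup, or anything else a client may have injected)."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip(remote_addr, forwarded_for, trusted=TRUSTED_PROXIES):
    """Resolve the real client address.

    remote_addr:   peer address of the TCP connection (set by the server, not the client)
    forwarded_for: raw X-Forwarded-For header value, or None if absent

    Returns an ip_address, or None when the chain is malformed and cannot be trusted.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not _is_trusted(peer, trusted):
        # Direct connection: whatever the header says was written by the client itself.
        return peer
    hops = [h for h in (forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):          # nearest hop first
        addr = _parse_hop(hop)
        if addr is None:
            return None                 # injected garbage: refuse to attribute
        if not _is_trusted(addr, trusted):
            return addr                 # first untrusted hop is the client
    # Header missing, or every hop was one of our proxies: attribute to the peer.
    return peer


def access_log_line(remote_addr, forwarded_for, request_line):
    """Only a parsed address reaches the log, so header payloads such as
    '<script>' can never be stored and later rendered in a log viewer."""
    addr = client_ip(remote_addr, forwarded_for)
    return f"{addr if addr is not None else '-'} {request_line}"


if __name__ == "__main__":
    print(access_log_line("203.0.113.5", "1.2.3.4", "GET / HTTP/1.1"))
    print(access_log_line("10.0.0.2", "9.9.9.9, 198.51.100.7, 10.0.0.3", "GET / HTTP/1.1"))
    print(access_log_line("10.0.0.2", "<script>alert(1)</script>, 10.0.0.3", "GET / HTTP/1.1"))
```

The key design choice is walking right to left: a client can prepend any number of fake entries, but it cannot insert itself to the right of the proxies we control, so the first untrusted address from the right is the one that actually connected to our edge.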
This vulnerability in opsre go-ldap-admin stems from a hard-coded JWT signing secret; attackers who know the key can forge tokens, potentially enabling authentication bypass or privilege escalation. It a...
This vulnerability allows unprivileged local users to execute arbitrary commands with root privileges by exploiting improper input validation in the ABRT daemon. Attackers can inject shell metacharact...
CVE-2025-12970 is a buffer overflow vulnerability in Fluent Bit's in_docker input plugin that allows attackers who can create or control container names to crash the Fluent Bit process or execute arbi...
OpenFGA versions 1.4.0 to 1.11.0 have an improper policy enforcement vulnerability in Check and ListObject calls. This allows attackers to bypass authorization controls and access resources they shoul...
CVE-2025-52881 in runc allows attackers to redirect writes intended for the /proc filesystem to other locations via race conditions with shared mounts. This could enable privilege escalation ...
Nagios XI versions before 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Authenticated administrators can inject shell commands through insufficient input validation, leading...
This vulnerability allows unauthenticated attackers to execute arbitrary commands with limited privileges on IBM Security Verify Access systems. It affects IBM Security Verify Access and IBM Security ...
This vulnerability allows a locally authenticated user on affected IBM Security Verify Access systems to escalate their privileges to root due to improper privilege management. The flaw exists because...
A critical authentication bypass vulnerability in Termix versions 1.5.0 and below allows unauthenticated attackers to access the /ssh/db/host/internal endpoint, exposing stored SSH host information in...
Vasion Print (formerly PrinterLogic) contains hardcoded encryption keys in its application containers, allowing attackers who can access the filesystem to decrypt sensitive SaaS identifiers. This affe...
This vulnerability allows unauthenticated attackers to access all internal Docker containers in Vasion Print (formerly PrinterLogic) deployments, bypassing authentication entirely. Attackers can inter...
This vulnerability allows attackers to capture SSH private keys from compromised Docker containers in Vasion Print deployments due to insecure SSH client configuration. The insecure settings disable h...
This vulnerability exposes Docker container networks in Vasion Print (formerly PrinterLogic) deployments, allowing attackers on the same network segment to directly access internal services like HTTP ...
Vasion Print (formerly PrinterLogic) contains outdated, end-of-life third-party components across multiple Docker containers, creating a large attack surface. Attackers can chain vulnerabilities in th...
This vulnerability allows unauthenticated attackers to reset the database administrator password to a known value ('password') via an exposed PHP script, potentially leading to full database compromis...
This critical vulnerability in Dyad v0.19.0 and earlier allows attackers to execute arbitrary code on users' systems by crafting malicious web content that automatically executes when loaded in the ap...
This Cross-Site Scripting (XSS) vulnerability in AATF Website allows attackers to inject malicious JavaScript via the X-Forwarded-For header, which executes in visitors' browsers. It affects all users...
This vulnerability exposes AWS credentials in Docker script files within JetBrains TeamCity CI/CD servers. Attackers who gain access to these files could potentially use the credentials to access AWS ...
This CVE describes a configuration vulnerability in nginx-defender where default administrative credentials are present in example configuration files. Attackers with network access can use these defa...
OpenFGA versions 1.9.3 to 1.9.4 contain an improper policy enforcement vulnerability in Check and ListObject calls. This allows attackers to bypass authorization controls and access resources they sho...
SINEC Traffic Analyzer versions before V3.0 run Docker containers without proper resource limits, allowing attackers to exhaust system resources and cause denial-of-service. This affects all users of ...
SINEC Traffic Analyzer runs Docker containers without proper isolation controls, allowing attackers to escape container boundaries and access host system resources. This affects all versions before V3...
This vulnerability in Moby/Docker Engine allows containers with ports published only to localhost (127.0.0.1) to become remotely accessible after firewalld service reloads. It affects Docker Engine ve...
A use-after-free vulnerability in the Linux kernel's IDXD DMA engine driver can cause kernel panics or system crashes when containers with specific mount configurations are terminated. This affects Li...
CVE-2025-53372 is a command injection vulnerability in node-code-sandbox-mcp that allows attackers to execute arbitrary system commands on the host machine. This bypasses the Docker sandbox protection...
CVE-2025-53376 is a command injection vulnerability in Dokploy that allows authenticated low-privileged users to execute arbitrary operating system commands on the host server. The vulnerability occur...
Snyk CLI versions before 1.1297.3 expose sensitive credentials in debug logs when running in DEBUG or TRACE mode. This affects users who run Snyk container, auth, or IaC commands with debug logging en...
Portainer Community Edition versions before STS 2.31.0 and LTS 2.27.7 contain an information disclosure vulnerability where HTTP headers (including authentication credentials and session tokens) can b...
CVE-2025-5151 is a critical code injection vulnerability in defog-ai introspect's execute_analysis_code_safely function that allows attackers to execute arbitrary code. This affects users running intr...
OpenFGA versions 1.8.0 through 1.8.12 contain an authorization bypass vulnerability in Check and ListObject API calls. Attackers can bypass intended permissions when specific conditions are met involv...
This vulnerability allows unauthenticated access to PostgreSQL databases in Bitnami's pgpool Docker image and postgres-ha Kubernetes chart. Attackers can exploit the default 'repmgr' user with trust-l...
OpenFGA versions 1.3.6 through 1.8.10 contain an authorization bypass vulnerability in Check and ListObject calls. This allows attackers to bypass permission checks and access unauthorized resources. ...
A local privilege escalation vulnerability in Docker Desktop for Windows allows low-privileged users to gain SYSTEM privileges by exploiting the update process. Attackers can create malicious director...
CVE-2025-32955 is a privilege escalation vulnerability in Harden-Runner CI/CD security agent that allows attackers to bypass the 'disable-sudo' policy restriction. Attackers can use Docker group membe...
This vulnerability in Rancher allows attackers to escape the chroot jail and gain root access to the Rancher container. In production environments, this can lead to further privilege escalation within...
This vulnerability allows network-based attackers to impersonate Jenkins SSH build agents by exploiting identical SSH host keys across all containers of the same image version. Attackers positioned be...
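The Jenkins SSH agent entry describes a build-image problem rather than a code bug: if host keys are generated at image build time, every container started from that image presents the same key, so a client that has pinned it cannot tell one agent from an impostor. The check below is an added example, not part of Jenkins or any listed project. It parses `ssh-keyscan`-style output, computes the OpenSSH SHA256 fingerprint of each key blob (the same value `ssh-keygen -l -E sha256` prints), and reports hosts that share a key. The scan output is constructed: the key blobs are built in OpenSSH wire format with filler bytes in place of real key material, and the host names are invented.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def _ssh_string(b):
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def make_ed25519_blob(fill_byte):
    """Constructed key blob in ssh-ed25519 wire format; the 32 'key' bytes are
    filler for the example, not a real key."""
    return _ssh_string(b"ssh-ed25519") + _ssh_string(bytes([fill_byte]) * 32)


def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(raw blob)."""
    raw = base64.b64decode(blob_b64)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(lines):
    """Yield (host, key_type, blob_b64) from ssh-keyscan output; skip '#' banners."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        yield parts[0], parts[1], parts[2]


def find_shared_host_keys(lines):
    """Map fingerprint -> hosts for every key presented by more than one host."""
    by_fp = defaultdict(list)
    for host, _ktype, blob in parse_keyscan(lines):
        by_fp[fingerprint(blob)].append(host)
    return {fp: hosts for fp, hosts in by_fp.items() if len(set(hosts)) > 1}


# Constructed scan: three agents from one image share a baked-in key, a fourth
# regenerated its key on first start.
SHARED = base64.b64encode(make_ed25519_blob(0x41)).decode()
UNIQUE = base64.b64encode(make_ed25519_blob(0x42)).decode()
SAMPLE_KEYSCAN = [
    "# agent-1:22 SSH-2.0-OpenSSH_9.6",
    f"agent-1 ssh-ed25519 {SHARED}",
    f"agent-2 ssh-ed25519 {SHARED}",
    f"agent-3 ssh-ed25519 {SHARED}",
    f"agent-4 ssh-ed25519 {UNIQUE}",
]


if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SAMPLE_KEYSCAN).items():
        print(f"{fp} shared by {', '.join(hosts)}")
```

In a real fleet, feed it `ssh-keyscan -t ed25519 host1 host2 ...` output. The fix on the image side is to leave `/etc/ssh/ssh_host_*` out of the image and generate keys once per container at first start (for example with `ssh-keygen -A` in the entrypoint), persisting them in a volume if the agent's identity must survive restarts.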
This CVE describes a GitHub Actions workflow vulnerability in acme.sh Docker images where the checkout action lacks 'persist-credentials: false', potentially exposing GitHub tokens. This affects users...
This vulnerability in AWS SAM CLI allows attackers to access privileged host files when building with Docker if symlinks are present in build files. The elevated permissions granted to the tool enable...
This vulnerability allows authenticated attackers to execute arbitrary commands within Appsmith Docker containers by exploiting a misconfigured PostgreSQL instance. It affects all Appsmith deployments...
OpenWebUI 0.3.0 has a critical vulnerability in its audio transcription API that allows authenticated users to upload arbitrary files with path traversal. This can overwrite critical system files with...
A denial-of-service vulnerability in Dockerized anything-llm allows attackers to crash the entire site instance by uploading an audio file with a very low sample rate (1 Hz). The localWhisper implemen...
The umatiGateway software exposes its web interface publicly by default in Docker deployments, allowing unauthorized users to view and modify configuration settings. This affects all users running uma...
CVE-2025-26320 is an OS command injection vulnerability in t0mer BroadlinkManager v5.9.1 that allows attackers to execute arbitrary commands on the host system by injecting malicious input into the IP...
OpenFGA versions before 1.8.5 contain an authorization bypass vulnerability that allows unauthorized access when specific Check and ListObject API calls are made under certain model configurations. Th...
The Docker daemon in Brocade SANnav management software versions before 2.3.1b runs without auditing enabled. This allows remote authenticated attackers to execute various attacks without detection. O...
A denial-of-service vulnerability in Docker-proxy v18.09.0 allows attackers to crash or degrade the proxy service, disrupting container networking. This affects systems running the vulnerable Docker-p...
This vulnerability in mailcow: dockerized allows attackers to manipulate the Host HTTP header during password reset requests, generating malicious reset links that point to attacker-controlled domains...
This vulnerability in IBM Security Verify Access allows unauthenticated attackers to reset passwords for expired user accounts without knowing the current password. It affects IBM Security Verify Acce...
This vulnerability allows attackers to upload malicious PHP or HTML files through the login page logo upload function in Process Maker's pm4core-docker. Successful exploitation enables remote code exe...
OpenFGA versions 1.3.8 to 1.8.2 contain an authorization bypass vulnerability when using conditions with contextual tuples and caching enabled. Attackers can bypass authorization checks to access unau...
This CVE describes a use-after-free vulnerability in the Linux kernel's BFQ I/O scheduler. The vulnerability allows an attacker to cause memory corruption that could lead to system crashes or potentia...
This vulnerability in IBM Security Verify Access Docker allows local users to escalate privileges due to unnecessary privilege execution. It affects IBM Security Verify Access Docker versions 10.0.0 t...
This vulnerability allows attackers to use expired session IDs to maintain unauthorized access to Kanboard instances. It affects all Kanboard users running versions before 1.2.43 due to improper sessi...
CVE-2024-36620 is a NULL pointer dereference vulnerability in Moby (Docker's open-source engine) that can cause a denial of service by crashing the Docker daemon. This affects systems running Moby v25...
This vulnerability in Docker's RUN --mount instruction allows attackers to bypass input validation and mount arbitrary host directories into containers during build processes. It affects users buildin...
Dozzle versions before 8.5.3 use SHA-256 for password hashing, which is vulnerable to rainbow table attacks. This allows attackers with access to password hashes to potentially crack passwords more ea...
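The Dozzle entry is a reminder that a fast, unsalted hash is a lookup key, not a password hash: one precomputed table cracks every leaked digest it covers. The snippet below is an added example, not Dozzle's code or its fix; it contrasts unsalted SHA-256 with a salted, memory-hard KDF (`hashlib.scrypt`, parameters chosen here as an assumption, not taken from any project). The wordlist standing in for an attacker's table is constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed: a tiny wordlist standing in for an attacker's precomputed table.
WORDLIST = ["password", "123456", "letmein", "admin", "dozzle"]

# scrypt parameters assumed for this example (128 * n * r = 16 MiB per hash).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def fast_hash(password):
    """Unsalted SHA-256: identical passwords always give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Computed once, reused against every leaked hash, from any site using the scheme."""
    return {fast_hash(w): w for w in words}


def crack_fast_hash(digest, table):
    """A single dict lookup recovers the password if it is in the table."""
    return table.get(digest)


def slow_hash(password, salt=None):
    """Salted scrypt. A fresh 16-byte salt per password means no table built in
    advance applies, and the work factor makes each online guess expensive.
    Stored as hex(salt)$hex(digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt.hex() + "$" + digest.hex()


def verify_slow_hash(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    leaked = fast_hash("letmein")
    print("SHA-256 leak cracked instantly:", crack_fast_hash(leaked, table))
    h1, h2 = slow_hash("letmein"), slow_hash("letmein")
    print("same password, different scrypt records:", h1 != h2)
    print("verify:", verify_slow_hash("letmein", h1), verify_slow_hash("wrong", h1))
```

Two properties to check in any password store: the same password must not produce the same stored value twice (that proves a per-user salt is in use), and verification must go through a constant-time comparison of the recomputed digest rather than a string `==`.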
Shields.io versions before server-2024-09-25 contain a remote code execution vulnerability in the JSONPath library used by dynamic badges. Attackers can execute arbitrary code by crafting malicious JS...
A remote code execution vulnerability in Docker Desktop allows malicious extensions to execute arbitrary code by crafting malicious extension descriptions or changelogs. This affects all Docker Deskto...
This vulnerability allows authenticated attackers with Administrator privileges on Cisco Routed PON Manager or direct MongoDB access to execute arbitrary commands as root on the PON Controller contain...
This vulnerability in Overleaf Server Pro allows users to access the sharelatex container's filesystem, network, and environment variables during LaTeX compiles when security features are disabled. It...
This vulnerability allows authenticated attackers to bypass two-factor authentication (2FA) in mailcow: dockerized email systems. Attackers need credentials for both their own account and a target acc...
This is a cross-site scripting (XSS) vulnerability in mailcow: dockerized that allows unauthenticated attackers to inject malicious JavaScript into API logs. When administrators view these logs, the s...
This vulnerability allows attackers to bypass Docker authorization plugins by sending specially-crafted API requests where the request/response body isn't forwarded to the plugin. This affects Docker ...
Canarytokens.org had a blind Server-Side Request Forgery (SSRF) vulnerability in its webhook alert feature that allowed attackers to map internal network ports when creating Canarytokens. This affecte...