
Overview

  • Docker
  • Docker Desktop

20 Aug 2025
Published
26 Feb 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
1.19%

KEV

Description

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse


MonitorsFour from HackTheBox features PHP type juggling to dump users, CVE-2025-24367 for RCE in Cacti, and CVE-2025-9074 to abuse the Docker Desktop API and mount the Windows host drive for root. Beyond Root: a shell on Windows.

0xdf.gitlab.io/2026/05/23/htb-

  • 0
  • 0
  • 1
  • 1h ago

Overview

  • Cacti
  • cacti

27 Jan 2025
Published
03 Nov 2025
Updated

CVSS v4.0
HIGH (8.7)
EPSS
87.93%

KEV

Description

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.

Statistics

  • 2 Posts

Last activity: 1 hour ago

Fediverse


MonitorsFour from HackTheBox features PHP type juggling to dump users, CVE-2025-24367 for RCE in Cacti, and CVE-2025-9074 to abuse the Docker Desktop API and mount the Windows host drive for root. Beyond Root: a shell on Windows.

0xdf.gitlab.io/2026/05/23/htb-

  • 0
  • 0
  • 1
  • 1h ago

Overview

  • Python Software Foundation
  • CPython

14 Apr 2026
Published
15 Apr 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.02%

KEV

Description

The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via the remote debugging feature. This vulnerability requires persistently and repeatedly connecting to the process to be exploited, even after the connecting process crashes with high likelihood due to ASLR.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Fediverse


Latest Python 3.14.5 release (including fixes for CVE-2026-1502, CVE-2026-4786, and CVE-2026-5713) is now available to #SavOS PPA users of #Ubuntu #Linux at ppa:savoury1/python-3.14 (launchpad.net/~savoury1/+archi) for all PPA supported LTS releases.

  • 0
  • 0
  • 1
  • 7h ago

Overview

  • Python Software Foundation
  • CPython
  • http.client

10 Apr 2026
Published
12 May 2026
Updated

CVSS v4.0
MEDIUM (5.7)
EPSS
0.02%

KEV

Description

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Fediverse


Latest Python 3.14.5 release (including fixes for CVE-2026-1502, CVE-2026-4786, and CVE-2026-5713) is now available to #SavOS PPA users of #Ubuntu #Linux at ppa:savoury1/python-3.14 (launchpad.net/~savoury1/+archi) for all PPA supported LTS releases.

  • 0
  • 0
  • 1
  • 7h ago

Overview

  • Python Software Foundation
  • CPython

13 Apr 2026
Published
29 Apr 2026
Updated

CVSS v4.0
HIGH (7.0)
EPSS
0.02%

KEV

Description

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types and the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Fediverse


Latest Python 3.14.5 release (including fixes for CVE-2026-1502, CVE-2026-4786, and CVE-2026-5713) is now available to #SavOS PPA users of #Ubuntu #Linux at ppa:savoury1/python-3.14 (launchpad.net/~savoury1/+archi) for all PPA supported LTS releases.

  • 0
  • 0
  • 1
  • 7h ago

Overview

  • zhblue
  • hustoj

27 Jan 2026
Published
27 Jan 2026
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
56.51%

KEV

Description

HUSTOJ is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file containing files with path traversal sequences (e.g., ../../shell.php). When extracted by the server, this allows writing files to arbitrary locations in the web root, leading to Remote Code Execution (RCE). Version 26.01.24 contains a fix for the issue.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse


Metasploit's latest release includes working exploits for CVE-2023-7102 (Barracuda RCE), CVE-2026-20182 (Cisco SD-WAN auth bypass), CVE-2026-41940 (cPanel root escalation), and CVE-2026-24479 (HUSTOJ zip-slip)....

captechgroup.com/about-us/thre

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Cisco
  • Cisco Catalyst SD-WAN Manager

14 May 2026
Published
15 May 2026
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
77.32%

Description

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks.  A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse


Metasploit's latest release includes working exploits for CVE-2023-7102 (Barracuda RCE), CVE-2026-20182 (Cisco SD-WAN auth bypass), CVE-2026-41940 (cPanel root escalation), and CVE-2026-24479 (HUSTOJ zip-slip)....

captechgroup.com/about-us/thre

  • 0
  • 0
  • 0
  • 12h ago

Overview

  • Barracuda Networks Inc.
  • Barracuda ESG Appliance

24 Dec 2023
Published
02 Aug 2024
Updated

CVSS
Pending
EPSS
82.49%

KEV

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection. This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

Statistics

  • 1 Post

Last activity: 12 hours ago

Fediverse


Metasploit's latest release includes working exploits for CVE-2023-7102 (Barracuda RCE), CVE-2026-20182 (Cisco SD-WAN auth bypass), CVE-2026-41940 (cPanel root escalation), and CVE-2026-24479 (HUSTOJ zip-slip)....

captechgroup.com/about-us/thre

  • 0
  • 0
  • 0
  • 12h ago