Threat Feed

Tag

Docker

11 briefs
high advisory

Crawl4AI Unauthenticated SSRF in Docker API `crawl/stream` Endpoint

A remote, unauthenticated attacker can exploit an unpatched Server-Side Request Forgery (SSRF) vulnerability in Crawl4AI Docker API versions up to 0.8.9, specifically targeting the `/crawl/stream` endpoint, to read internal network services and cloud-metadata endpoints, potentially exposing sensitive information like IAM credentials.

crawl4ai ssrf web-application docker unauthenticated api-exploitation
critical advisory

Crawl4AI Unauthenticated RCE via Chromium Launch-Argument Injection

An attacker can achieve unauthenticated remote code execution (RCE) in Crawl4AI Docker deployments by injecting malicious Chromium launch arguments, such as `--utility-cmd-prefix` and `--no-zygote`, into the `browser_config.extra_args` field of the API request, allowing for arbitrary command execution as the container's runtime user.

crawl4ai RCE web-vulnerability Chromium container Docker Linux
critical advisory

Multiple Vulnerabilities in Docker Desktop Allow Remote Code Execution

Multiple vulnerabilities in Docker Desktop versions prior to 4.71.0 allow a remote attacker to execute arbitrary code.

Docker Desktop vulnerability rce docker
medium threat

Multiple Vulnerabilities in Docker Allow Privilege Escalation and DoS

Multiple vulnerabilities in Docker allow a local attacker to execute arbitrary code with administrator privileges, cause a denial-of-service condition, or manipulate data.

Docker vulnerability privilege-escalation denial-of-service
high threat

Docker Race Condition Allows Bind Mount Redirection to Host Path (CVE-2026-42306)

A race condition in Docker's `docker cp` command allows a malicious container to redirect a bind mount target to an arbitrary host path by manipulating symlinks during the setup of temporary filesystem views, potentially overwriting host files or causing denial of service.

docker/docker +2 privilege-escalation defense-evasion docker
high threat

Docker `PUT /containers/{id}/archive` Vulnerability Allows Host Root Code Execution

A vulnerability exists in Docker where a malicious container image can execute arbitrary code with host root privileges by exploiting the decompression of compressed archives uploaded via the `PUT /containers/{id}/archive` endpoint, tracked as CVE-2026-41567.

Docker +2 container rce privilege-escalation CVE-2026-41567
critical advisory

Portainer Endpoint Security Bypass via Docker Swarm Service API

Portainer is vulnerable to an endpoint security bypass via Swarm service create/update. Non-admin users with access to a Docker Swarm endpoint can bypass `EndpointSecuritySettings` restrictions and gain elevated privileges, such as configuring services with elevated Linux capabilities, disabling syscall filtering and AppArmor confinement, setting arbitrary sysctl values, and mounting arbitrary host paths.

Portainer +3 docker swarm privilege-escalation vulnerability CVE-2026-44849
medium advisory

Leveraging Linux Cgroups for Threat Detection and Investigation

This brief outlines how Linux cgroups, a kernel feature for resource management, can be repurposed to provide valuable telemetry for detecting malicious processes, particularly in systemd, Docker, and Kubernetes environments, aiding in investigations of server compromises.

Red Hat Enterprise Linux +5 linux cgroups container kubernetes docker systemd threat-detection
critical advisory

Vvveb Hardcoded Credentials Vulnerability in phpMyAdmin Container

Vvveb versions before 1.0.8.2 contain a hardcoded credentials vulnerability in the docker-compose-apache.yaml configuration, allowing unauthenticated attackers to access the phpMyAdmin container and gain unrestricted read and write access to the Vvveb database, leading to account takeover and data manipulation.

Vvveb +1 hardcoded-credentials phpmyadmin docker vulnerability
critical advisory

BentoML SSTI via Unsandboxed Jinja2 in Dockerfile Generation

BentoML versions 1.4.37 and earlier are vulnerable to server-side template injection (SSTI): the Dockerfile generation function uses an unsandboxed `jinja2.Environment`, allowing arbitrary Python code execution on the host machine when a malicious bento archive is imported and containerized. This bypasses container isolation and potentially grants full access to the host filesystem and environment variables.

ssti bentoml code-execution docker
high advisory

Moby Authorization Plugin Bypass via Oversized Request Bodies

A vulnerability in Moby allows attackers to bypass authorization plugins by crafting API requests with oversized bodies, causing the Docker daemon to forward the request without the body to the plugin, potentially leading to unauthorized actions.

docker authz authorization bypass cve-2026-34040