VYPR
Vendor: Docker

Products: 21
CVEs: 93
Across products: 101
Status: Private

Recent CVEs: 93
  • CVE-2025-9074 · Critical · Aug 20, 2025
    risk 0.64 · cvss · epss 0.02

    A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled,…

  • CVE-2015-9259 · Critical · Mar 31, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to…

  • CVE-2025-12744 · High · Dec 3, 2025
    risk 0.60 · cvss 8.8 · epss 0.01

    A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local user can craft a payload…

  • CVE-2024-41110 · Critical · Jul 24, 2024
    risk 0.59 · cvss 9.9 · epss 0.17

    Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base…

  • CVE-2024-9348 · High · Oct 16, 2024
    risk 0.58 · cvss · epss 0.00

    Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.

  • CVE-2026-6406 · High · May 22, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket…

  • CVE-2025-9164 · High · Oct 27, 2025
    risk 0.57 · cvss · epss 0.00

    Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement. This…

  • CVE-2025-10657 · High · Sep 26, 2025
    risk 0.57 · cvss · epss 0.00

    In a hardened Docker environment, with Enhanced Container Isolation (ECI, https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/) enabled, an administrator can utilize the command restrictions feature https://docs.docker.com/enterprise/securi…

  • CVE-2018-15514 · High · Sep 1, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the validity of the deserialized .NET objects. This would allow a malicious user in…

  • CVE-2026-8936 · High · Jun 2, 2026
    risk 0.53 · cvss · epss 0.00

    Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0.

  • CVE-2026-5843 · High · May 22, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model's config.json specifies a model_file…

  • CVE-2026-5817 · High · May 22, 2026
    risk 0.53 · cvss 8.2 · epss 0.00

    The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and execute arbitrary Python files included…

  • CVE-2014-5282 · High · Feb 6, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.

  • CVE-2026-33990 · Critical · Apr 1, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the realm URL from the…

  • CVE-2025-62725 · High · Oct 27, 2025
    risk 0.52 · cvss · epss 0.14

    Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile…

  • CVE-2026-34040 · High · Mar 31, 2026
    risk 0.51 · cvss 8.8 · epss 0.08

    Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

  • CVE-2014-0047 · High · Oct 6, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.

  • CVE-2026-28400 · High · Feb 27, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expose a POST `/engines/_configure` endpoint that accepts arbitrary runtime flags without authentication. These flags are passed directly to the underlying…

  • CVE-2016-8867 · High · Oct 28, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.

  • CVE-2026-42306 · High · Jun 12, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount…