CVE-2026-39848
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests
CVSS
6.5
Medio
EPSS
0.1%
p1
KEV
—
Exploit Today
0
0-100
Publicado: 9 abr 2026 · Última mod.: 8 jul 2026 · CWE-306 · CWE-352
0.1%EPSS · 30 días0.2%
2026-06-302026-07-16
Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. This vulnerability is fixed in 1.1.0.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-32489.8 CRÍ100.0%
KEV—80Langflow Missing Authentication Vulnerability2dCVE-2024-116809.8 CRÍ99.8%
KEV—80ProjectSend Improper Authentication Vulnerability2dCVE-2008-41284.3 MED97.6%
KEV—79Cisco IOS Cross-Site Request Forgery Vulnerability3dCVE-2026-561645.3 MED92.0%
KEV—78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability2dCVE-2026-468179.8 CRÍ60.3%
KEV—68Oracle E-Business Suite Improper Privilege Management Vulnerability1dCVE-2022-245629.8 CRÍ98.9%
——30In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.8d