[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-15558":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":257,"aliases":258,"duplicate_of":9,"upstream":262,"downstream":263,"duplicates":270,"related":271,"reserved_at":9,"published_at":277,"modified_at":278,"state":279,"summary":280,"references_raw":289,"kevs":341,"epss":342,"epss_history":345,"metrics":614,"affected":628},"CVE-2025-15558","Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user.\n\nThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the  github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager  package, such as Docker Compose.\n\nThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-427","Uncontrolled Search Path Element","The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.","weakness","Draft","Base",[19,149],{"id":20,"name":21,"techniques":22},"CAPEC-38","Leveraging/Manipulating Configuration File Search Paths",[23,109],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.007","Path Interception by PATH Environment Variable",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,56,60,65,70,75,80,85,89,93,97,101,105],{"id":44,"name":45,"tactic":46},"D3-FA","File Analysis",{"name":47},"Detect",{"id":49,"name":50,"tactic":51},"D3-FIM","File Integrity Monitoring",{"name":47},{"id":53,"name":54,"tactic":55},"D3-DA","Dynamic Analysis",{"name":47},{"id":57,"name":58,"tactic":59},"D3-EFA","Emulated File Analysis",{"name":47},{"id":61,"name":62,"tactic":63},"D3-FEV","File Eviction",{"name":64},"Evict",{"id":66,"name":67,"tactic":68},"D3-DF","Decoy File",{"name":69},"Deceive",{"id":71,"name":72,"tactic":73},"D3-FE","File Encryption",{"name":74},"Harden",{"id":76,"name":77,"tactic":78},"D3-RF","Restore File",{"name":79},"Restore",{"id":81,"name":82,"tactic":83},"D3-CF","Content Filtering",{"name":84},"Isolate",{"id":86,"name":87,"tactic":88},"D3-LFP","Local File Permissions",{"name":84},{"id":90,"name":91,"tactic":92},"D3-RFAM","Remote File Access Mediation",{"name":84},{"id":94,"name":95,"tactic":96},"D3-CQ","Content Quarantine",{"name":84},{"id":98,"name":99,"tactic":100},"D3-CM","Content Modification",{"name":84},{"id":102,"name":103,"tactic":104},"D3-EAL","Executable Allowlisting",{"name":84},{"id":106,"name":107,"tactic":108},"D3-EDL","Executable Denylisting",{"name":84},{"id":110,"name":111,"tactics":112,"countermeasures":118},"T1574.009","Path Interception by Unquoted Path",[113,114,115,116,117],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[119,121,123,125,127,129,131,133,135,137,139,141,143,145,147],{"id":44,"name":45,"tactic":120},{"name":47},{"id":49,"name":50,"tactic":122},{"name":47},{"id":53,"name":54,"tactic":124},{"name":47},{"id":57,"name":58,"tactic":126},{"name":47},{"id":61,"name":62,"tactic":128},{"name":64},{"id":66,"name":67,"tactic":130},{"name":69},{"id":71,"name":72,"tactic":132},{"name":74},{"id":76,"name":77,"tactic":134},{"name":79},{"id":81,"name":82,"tactic":136},{"name":84},{"id":86,"name":87,"tactic":138},{"name":84},{"id":90,"name":91,"tactic":140},{"name":84},{"id":94,"name":95,"tactic":142},{"name":84},{"id":98,"name":99,"tactic":144},{"name":84},{"id":102,"name":103,"tactic":146},{"name":84},{"id":106,"name":107,"tactic":148},{"name":84},{"id":150,"name":151,"techniques":152},"CAPEC-471","Search Order Hijacking",[153,185,217],{"id":154,"name":155,"tactics":156,"countermeasures":162},"T1574.001","DLL",[157,158,159,160,161],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[163,165,167,169,171,173,175,177,179,181,183],{"id":44,"name":45,"tactic":164},{"name":47},{"id":49,"name":50,"tactic":166},{"name":47},{"id":61,"name":62,"tactic":168},{"name":64},{"id":66,"name":67,"tactic":170},{"name":69},{"id":71,"name":72,"tactic":172},{"name":74},{"id":76,"name":77,"tactic":174},{"name":79},{"id":81,"name":82,"tactic":176},{"name":84},{"id":86,"name":87,"tactic":178},{"name":84},{"id":90,"name":91,"tactic":180},{"name":84},{"id":94,"name":95,"tactic":182},{"name":84},{"id":98,"name":99,"tactic":184},{"name":84},{"id":186,"name":187,"tactics":188,"countermeasures":194},"T1574.004","Dylib Hijacking",[189,190,191,192,193],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[195,197,199,201,203,205,207,209,211,213,215],{"id":44,"name":45,"tactic":196},{"name":47},{"id":49,"name":50,"tactic":198},{"name":47},{"id":61,"name":62,"tactic":200},{"name":64},{"id":66,"name":67,"tactic":202},{"name":69},{"id":71,"name":72,"tactic":204},{"name":74},{"id":76,"name":77,"tactic":206},{"name":79},{"id":81,"name":82,"tactic":208},{"name":84},{"id":86,"name":87,"tactic":210},{"name":84},{"id":90,"name":91,"tactic":212},{"name":84},{"id":94,"name":95,"tactic":214},{"name":84},{"id":98,"name":99,"tactic":216},{"name":84},{"id":218,"name":219,"tactics":220,"countermeasures":226},"T1574.008","Path Interception by Search Order Hijacking",[221,222,223,224,225],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[227,229,231,233,235,237,239,241,243,245,247,249,251,253,255],{"id":44,"name":45,"tactic":228},{"name":47},{"id":49,"name":50,"tactic":230},{"name":47},{"id":53,"name":54,"tactic":232},{"name":47},{"id":57,"name":58,"tactic":234},{"name":47},{"id":61,"name":62,"tactic":236},{"name":64},{"id":66,"name":67,"tactic":238},{"name":69},{"id":71,"name":72,"tactic":240},{"name":74},{"id":76,"name":77,"tactic":242},{"name":79},{"id":81,"name":82,"tactic":244},{"name":84},{"id":86,"name":87,"tactic":246},{"name":84},{"id":90,"name":91,"tactic":248},{"name":84},{"id":94,"name":95,"tactic":250},{"name":84},{"id":98,"name":99,"tactic":252},{"name":84},{"id":102,"name":103,"tactic":254},{"name":84},{"id":106,"name":107,"tactic":256},{"name":84},[],[259,260,261],"GHSA-p436-gjf2-799p","BIT-docker-cli-2025-15558","GO-2026-4610",[],[264,266,268],{"_key":265},"OPENSUSE-SU-2026:10369-1",{"_key":267},"SUSE-SU-2026:1042-1",{"_key":269},"OPENSUSE-SU-2026:10684-1",[],[272,273,274,275],{"_key":265},{"_key":267},{"_key":269},{"_key":276},"CGA-6MMJ-5XC7-26C2","2026-03-04T16:14:32.045Z","2026-03-05T04:55:47.099Z","Analyzed",{"cisa_kev":281,"cisa_ransomware":281,"cisa_vendor":9,"epss_severity":282,"epss_score":283,"severity":284,"severity_score":285,"severity_version":286,"severity_source":287,"severity_vector":288,"severity_status":279},false,"low",0.00023,"high",8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",[290,296,302,311,316,320,324,328,332,337],{"url":291,"sources":292,"tags":294},"https://docs.docker.com/desktop/release-notes/",[293,287],"cve.org",[295],"Release Notes",{"url":297,"sources":298,"tags":299},"https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/",[293,287],[300,301],"Third Party Advisory","Not Applicable",{"url":303,"sources":304,"tags":306},"https://github.com/docker/cli/pull/6713",[293,287,305],"osv_go",[307,308,309,310],"Patch","Issue Tracking","WEB","FIX",{"url":312,"sources":313,"tags":314},"https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p",[305],[309,315],"Advisory",{"url":317,"sources":318,"tags":319},"https://nvd.nist.gov/vuln/detail/CVE-2025-15558",[305],[315],{"url":321,"sources":322,"tags":323},"https://github.com/docker/compose/pull/12300",[305],[309,310],{"url":325,"sources":326,"tags":327},"https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa",[305],[309,310],{"url":329,"sources":330,"tags":331},"https://docs.docker.com/desktop/release-notes",[305],[309],{"url":333,"sources":334,"tags":335},"https://github.com/docker/cli",[305],[336],"PACKAGE",{"url":338,"sources":339,"tags":340},"https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304",[305],[309],[],{"date":343,"score":283,"percentile":344},"2026-06-05",0.06665,[346,350,352,354,357,360,364,367,370,373,376,379,382,385,388,391,394,398,401,404,407,410,413,416,419,421,424,427,430,433,436,439,442,445,448,451,454,457,460,463,466,469,472,475,478,481,483,486,489,492,495,498,501,504,507,510,513,516,519,522,525,528,531,534,537,540,543,546,549,552,555,558,561,564,567,570,573,576,579,582,585,588,590,593,596,599,602,605,608,611],{"date":347,"score":348,"percentile":349},"2026-03-05",0.00005,0.00249,{"date":351,"score":348,"percentile":349},"2026-03-06",{"date":353,"score":348,"percentile":349},"2026-03-07",{"date":355,"score":348,"percentile":356},"2026-03-08",0.00245,{"date":358,"score":348,"percentile":359},"2026-03-09",0.00244,{"date":361,"score":362,"percentile":363},"2026-03-10",0.00011,0.01241,{"date":365,"score":362,"percentile":366},"2026-03-11",0.01206,{"date":368,"score":362,"percentile":369},"2026-03-12",0.01213,{"date":371,"score":362,"percentile":372},"2026-03-13",0.01211,{"date":374,"score":362,"percentile":375},"2026-03-14",0.0118,{"date":377,"score":362,"percentile":378},"2026-03-15",0.01174,{"date":380,"score":362,"percentile":381},"2026-03-16",0.01171,{"date":383,"score":362,"percentile":384},"2026-03-17",0.01144,{"date":386,"score":362,"percentile":387},"2026-03-18",0.01143,{"date":389,"score":362,"percentile":390},"2026-03-19",0.0114,{"date":392,"score":362,"percentile":393},"2026-03-20",0.01139,{"date":395,"score":396,"percentile":397},"2026-03-21",0.0002,0.05184,{"date":399,"score":396,"percentile":400},"2026-03-22",0.05176,{"date":402,"score":396,"percentile":403},"2026-03-23",0.05179,{"date":405,"score":396,"percentile":406},"2026-03-24",0.05163,{"date":408,"score":396,"percentile":409},"2026-03-25",0.05205,{"date":411,"score":396,"percentile":412},"2026-03-26",0.05243,{"date":414,"score":396,"percentile":415},"2026-03-27",0.05241,{"date":417,"score":396,"percentile":418},"2026-03-28",0.05246,{"date":420,"score":396,"percentile":415},"2026-03-29",{"date":422,"score":396,"percentile":423},"2026-03-30",0.05225,{"date":425,"score":396,"percentile":426},"2026-03-31",0.05195,{"date":428,"score":396,"percentile":429},"2026-04-01",0.05215,{"date":431,"score":396,"percentile":432},"2026-04-02",0.05257,{"date":434,"score":396,"percentile":435},"2026-04-03",0.05274,{"date":437,"score":396,"percentile":438},"2026-04-04",0.0529,{"date":440,"score":283,"percentile":441},"2026-04-05",0.06086,{"date":443,"score":283,"percentile":444},"2026-04-06",0.06059,{"date":446,"score":283,"percentile":447},"2026-04-07",0.06068,{"date":449,"score":283,"percentile":450},"2026-04-08",0.06108,{"date":452,"score":283,"percentile":453},"2026-04-09",0.06148,{"date":455,"score":283,"percentile":456},"2026-04-10",0.06147,{"date":458,"score":283,"percentile":459},"2026-04-11",0.06139,{"date":461,"score":283,"percentile":462},"2026-04-12",0.06136,{"date":464,"score":283,"percentile":465},"2026-04-13",0.06128,{"date":467,"score":283,"percentile":468},"2026-04-14",0.06074,{"date":470,"score":283,"percentile":471},"2026-04-15",0.06083,{"date":473,"score":283,"percentile":474},"2026-04-16",0.06089,{"date":476,"score":283,"percentile":477},"2026-04-17",0.06099,{"date":479,"score":283,"percentile":480},"2026-04-18",0.061,{"date":482,"score":283,"percentile":441},"2026-04-19",{"date":484,"score":283,"percentile":485},"2026-04-20",0.06066,{"date":487,"score":283,"percentile":488},"2026-04-21",0.06249,{"date":490,"score":283,"percentile":491},"2026-04-22",0.06254,{"date":493,"score":283,"percentile":494},"2026-04-23",0.06274,{"date":496,"score":283,"percentile":497},"2026-04-24",0.06267,{"date":499,"score":283,"percentile":500},"2026-04-25",0.06301,{"date":502,"score":283,"percentile":503},"2026-04-26",0.06294,{"date":505,"score":283,"percentile":506},"2026-04-27",0.06286,{"date":508,"score":283,"percentile":509},"2026-04-28",0.06289,{"date":511,"score":283,"percentile":512},"2026-04-29",0.06307,{"date":514,"score":283,"percentile":515},"2026-04-30",0.06314,{"date":517,"score":283,"percentile":518},"2026-05-01",0.06311,{"date":520,"score":396,"percentile":521},"2026-05-02",0.05423,{"date":523,"score":396,"percentile":524},"2026-05-03",0.0541,{"date":526,"score":396,"percentile":527},"2026-05-04",0.05401,{"date":529,"score":396,"percentile":530},"2026-05-05",0.05397,{"date":532,"score":396,"percentile":533},"2026-05-06",0.05404,{"date":535,"score":396,"percentile":536},"2026-05-07",0.05441,{"date":538,"score":396,"percentile":539},"2026-05-08",0.05438,{"date":541,"score":396,"percentile":542},"2026-05-09",0.05484,{"date":544,"score":396,"percentile":545},"2026-05-10",0.05501,{"date":547,"score":283,"percentile":548},"2026-05-11",0.06498,{"date":550,"score":283,"percentile":551},"2026-05-12",0.0651,{"date":553,"score":283,"percentile":554},"2026-05-13",0.06514,{"date":556,"score":283,"percentile":557},"2026-05-14",0.06528,{"date":559,"score":283,"percentile":560},"2026-05-15",0.06533,{"date":562,"score":283,"percentile":563},"2026-05-16",0.06545,{"date":565,"score":283,"percentile":566},"2026-05-17",0.06537,{"date":568,"score":283,"percentile":569},"2026-05-18",0.06494,{"date":571,"score":283,"percentile":572},"2026-05-19",0.06464,{"date":574,"score":283,"percentile":575},"2026-05-20",0.06424,{"date":577,"score":283,"percentile":578},"2026-05-21",0.06429,{"date":580,"score":283,"percentile":581},"2026-05-22",0.06683,{"date":583,"score":283,"percentile":584},"2026-05-23",0.06679,{"date":586,"score":283,"percentile":587},"2026-05-24",0.0668,{"date":589,"score":283,"percentile":344},"2026-05-25",{"date":591,"score":283,"percentile":592},"2026-05-26",0.06635,{"date":594,"score":283,"percentile":595},"2026-05-27",0.06673,{"date":597,"score":283,"percentile":598},"2026-05-28",0.06783,{"date":600,"score":283,"percentile":601},"2026-05-29",0.06794,{"date":603,"score":283,"percentile":604},"2026-05-30",0.06786,{"date":606,"score":283,"percentile":607},"2026-05-31",0.06774,{"date":609,"score":283,"percentile":610},"2026-06-01",0.06738,{"date":612,"score":283,"percentile":613},"2026-06-02",0.06674,[615,619,625],{"source":293,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":616},{"baseScore":4,"baseSeverity":617,"vectorString":618,"impactScore":9,"exploitabilityScore":9},"HIGH","CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U",{"source":287,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":620,"cvss_v4_0":623},{"baseScore":285,"baseSeverity":617,"vectorString":288,"impactScore":621,"exploitabilityScore":622},9.8,5.4,{"baseScore":4,"baseSeverity":617,"vectorString":624,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:X/U:X",{"source":305,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":626},{"baseScore":4,"baseSeverity":9,"vectorString":627,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",[629,641,657,663,673],{"ecosystem":9,"name":630,"vendor":631,"product":632,"cpe_part":633,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":634},"command line interface","docker","command_line_interface","a",[635],{"version":636,"is_range":637,"range_type":638,"version_start":9,"version_start_type":9,"version_end":639,"version_end_type":640,"fixed_in":9},"lte29.1.5",true,"cpe","29.1.5","including",{"ecosystem":642,"name":643,"vendor":644,"product":645,"cpe_part":9,"purl_type":646,"purl_namespace":644,"purl_name":645,"source":9,"versions":647},"Go","github.com/docker/cli","github.com/docker","cli","golang",[648,653],{"version":649,"is_range":637,"range_type":650,"version_start":9,"version_start_type":9,"version_end":651,"version_end_type":652,"fixed_in":9},"lt29_2_0+incompatible","semver","29.2.0+incompatible","excluding",{"version":654,"is_range":637,"range_type":650,"version_start":655,"version_start_type":640,"version_end":656,"version_end_type":652,"fixed_in":9},"gte19_03_0_lt29_2_0","19.03.0","29.2.0",{"ecosystem":642,"name":658,"vendor":644,"product":659,"cpe_part":9,"purl_type":646,"purl_namespace":644,"purl_name":659,"source":9,"versions":660},"github.com/docker/compose","compose",[661],{"version":662,"is_range":637,"range_type":650,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":642,"name":664,"vendor":658,"product":665,"cpe_part":9,"purl_type":646,"purl_namespace":658,"purl_name":665,"source":9,"versions":666},"github.com/docker/compose/v2","v2",[667,671],{"version":668,"is_range":637,"range_type":650,"version_start":669,"version_start_type":640,"version_end":670,"version_end_type":640,"fixed_in":9},"gte2_31_0_lte2_40_3","2.31.0","2.40.3",{"version":672,"is_range":637,"range_type":650,"version_start":669,"version_start_type":640,"version_end":9,"version_end_type":9,"fixed_in":9},"gte2_31_0",{"ecosystem":642,"name":674,"vendor":658,"product":675,"cpe_part":9,"purl_type":646,"purl_namespace":658,"purl_name":675,"source":9,"versions":676},"github.com/docker/compose/v5","v5",[677],{"version":678,"is_range":637,"range_type":650,"version_start":9,"version_start_type":9,"version_end":679,"version_end_type":652,"fixed_in":9},"lt5_1_0","5.1.0"]