| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-14740 | Docker Desktop for Windows Incorrect Permission Assignment Privilege Escalation Vulnerabilities | Docker Inc. | Docker Desktop | Medium | 6.7 | 2026-02-04 13:57:23 | Deep Dive |
| CVE-2024-6222 | In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages | Docker Inc. | Docker Desktop | - | - | 2024-07-09 17:16:06 | Deep Dive |
| CVE-2024-5652 | In Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode | Docker Inc. | Docker Desktop | Medium | 6.1 | 2024-07-09 17:07:09 | Deep Dive |
| CVE-2023-0633 | In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in LPE | Docker Inc. | Docker Desktop | High | 7.2 | 2023-09-25 15:32:20 | Deep Dive |
| CVE-2023-0627 | Docker Desktop 4.11.x allows --no-windows-containers flag bypass | Docker Inc. | Docker Desktop | Medium | 6.7 | 2023-09-25 15:31:59 | Deep Dive |
| CVE-2023-0626 | Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route | Docker Inc. | Docker Desktop | High | 8.0 | 2023-09-25 15:31:38 | Deep Dive |
| CVE-2023-0625 | Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog | Docker Inc. | Docker Desktop | High | 8.0 | 2023-09-25 15:31:09 | Deep Dive |
| CVE-2023-5166 | Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL | Docker Inc. | Docker Desktop | High | 8.0 | 2023-09-25 15:30:10 | Deep Dive |
| CVE-2023-5165 | Docker Desktop before 4.23.0 allows Enhanced Container Isolation bypass via debug shell | Docker Inc. | Docker Desktop | High | 7.1 | 2023-09-25 15:29:13 | Deep Dive |
| CVE-2023-0629 | Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation restrictions via the raw Docker socket and launch privileged containers | Docker Inc. | Docker Desktop | High | 7.1 | 2023-03-13 11:16:41 | Deep Dive |
| CVE-2023-0628 | Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL | Docker Inc. | Docker Desktop | Medium | 6.1 | 2023-03-13 11:16:30 | Deep Dive |