9161 matches found
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Toolkit & Lab Educational Only Lightweight G...
CVE-2025-56157
CVE-2025-56157 affects Dify up to version 1.5.1, where default PostgreSQL credentials are defined in the docker-compose.yaml in the source. The vulnerability arises from hard-coded credentials, with the database (PostgreSQL on port 5432) referenced in the config; supplier notes that the Docker se...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
CVE-2025-56157
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL on TCP port 5432 exposed by default in version 1.0.1 or later...
PT-2025-52280
Name of the Vulnerable Software and Affected Versions Dify versions through 1.5.1 Description The software contains default credentials. Specifically, the PostgreSQL username and password are specified in the docker-compose.yaml file included in the source code. Recommendations Versions prior to...
DEM-Bravo
DEM — Docker Exploit Mapper Welcome to DEM, a fully cont...
homarr 注入漏洞
homarr is a customizable browser homepage by Thomas Camlong, an individual developer, that is used to interact with Docker containers on the home server. An injection vulnerability exists in homarr versions prior to 1.45.3 that stems from insufficient ldap search query input cleanup, which could...
Docker Desktop < 4.54.0 Sensitive Data Leakage
The version of Docker Desktop is prior to 4.54.0. It is therefore affected by a data leakage vulnerability. Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported...
Fedora 44 : docker-buildkit (2025-e0f9ab8bc7)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e0f9ab8bc7 advisory. Automatic update for docker-buildkit-0.26.3-1.fc44. Changelog Tue Dec 16 2025 Bradley G Smith - 0.26.3-1 - Update to release v0.26.3 - Resolves...
CVE-2025-14707
A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/httpeshellserver of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploi...
CVE-2025-14651
A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +20 more potentially affected by CVE-2025-66388 via apache-airflow-task-sdk (>=1.0.0rc4 <=1.1.4)
apache-airflow-task-sdk PYPI version =1.0.0rc4, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =0.0.4, =0.0.6.dev1 and more Source cves: CVE-2025-66388 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-14459396...
CVE-2025-14707
A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/httpeshellserver of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploi...
CVE-2025-14707
A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/httpeshellserver of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploi...
EUVD-2025-203336
A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/httpeshellserver of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploi...
CVE-2025-14707 Shiguangwu sgwbox N3 DOCKER Feature http_eshell_server command injection
A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/httpeshellserver of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploi...