CVE-2025-14707 Shiguangwu sgwbox N3 DOCKER Feature http_eshell_server command injection

A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/httpeshellserver of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploi...

📄 Docker Compose 2.40.3 Command Execution

Docker Compose version 2.40.3 proof of concept provider type PHP command execution exploit. ============================================================================================================================================= | Title : Docker Compose v 2.40.3 Provider Type PHP Command...

PT-2025-51201

Name of the Vulnerable Software and Affected Versions Shiguangwu sgwbox N3 version 2.0.25 Description A security flaw exists in Shiguangwu sgwbox N3 2.0.25 within the DOCKER Feature. Manipulation of the params argument in an unknown function of the file /usr/sbin/http eshell server can lead to...

Exploit for Improper Neutralization of Line Delimiters in Cacti

███╗ ███╗ ██████╗ ███╗ ██╗██╗████████╗ ██████╗ ██████╗ █...

EUVD-2025-203290

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...

CVE-2025-14651

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...

CVE-2025-14651

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...

CVE-2025-14651 MartialBE one-hub docker-compose.yml hard-coded key

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...

CVE-2025-14651

The CVE concerns MartialBE one-hub up to version 0.14.27. The vulnerability arises from the docker-compose.yml configuration where the SESSION_SECRET is manipulated, leading to use of a hard-coded cryptographic key. Reported as exploitable remotely with high attack complexity, the issue is descri...

CVE-2025-14651 MartialBE one-hub docker-compose.yml hard-coded key

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSIONSECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an attac...

PT-2025-51155

A vulnerability has been found in MartialBE one-hub up to 0.14.27. This vulnerability affects unknown code of the file docker-compose.yml. The manipulation of the argument SESSION SECRET leads to use of hard-coded cryptographic key . The attack may be initiated remotely. The complexity of an atta...

One Hub 安全漏洞

One Hub is an OpenAI interface management and distribution system for Buer individual developers. A security vulnerability exists in One Hub version 0.14.27 and earlier, which stems from the use of a hard-coded key for the parameter SESSIONSECRET in the docker-compose.yml file, which could lead t...

Exploit for Deserialization of Untrusted Data in Facebook React

R2SHELL !WARNING Este proyecto es SOLO PARA PROPÓSITO...

Hunting for Mythic in network traffic

Post-exploitation frameworks Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization's network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4,...

CVE-2025-13743

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...

cyber-security-lab-soc-vapt-beginner

Cyber Security Practice Lab — Beginner SOC + VAPT This begin...

PT-2025-51041

CVE-2025-67512 - Apache Docker Privilege Escalation CVE ID : CVE-2025-67512 Published : Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago Description : Rejected reason: The vulnerability is dependency-based. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected...

Exploit for Deserialization of Untrusted Data in Facebook React

💥 React2Shell-POC 💥 !pythonhttps://img.shields.io/badge/py...

abrt: Command-injection in ABRT leading to local privilege escalation

A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 — demo This repository provides a demonstratio...