9167 matches found
PT-2025-51041
CVE-2025-67512 - Apache Docker Privilege Escalation. CVE ID: CVE-2025-67512. Published: Dec. 11, 2025, 12:16 a.m. | 1 hour, 2 minutes ago. Description: Rejected reason: The vulnerability is dependency-based. Severity: 0.0 | NA. Visit the link for more details, such as CVSS details, affected...
Exploit for Deserialization of Untrusted Data in Facebook React
💥 React2Shell-POC 💥
abrt: Command-injection in ABRT leading to local privilege escalation
A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command docker inspect %s without proper validation. An unprivileged local user can craft a payload that injects shell...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 — demo This repository provides a demonstratio...
EUVD-2025-202325
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743 Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs
Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred...
CVE-2025-13743
Docker Desktop
Improper Protection for Out of Bounds Signal Level Alerts
Overview: @nocobase/auth is a Affected versions of this package are vulnerable to Improper Protection for Out of Bounds Signal Level Alerts via the official one-click Docker deployment configuration, in which a public default JWT key was historically provided. An attacker can gain unauthorized access to...
Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Impact: CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...
GHSA-MV7P-34FV-4874 Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments
Impact: CVE-2025-13877 is an authentication bypass vulnerability caused by insecure default JWT key usage in NocoBase Docker deployments. Because the official one-click Docker deployment configuration historically provided a public default JWT key, attackers can forge valid JWT tokens without...
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
Summary: Function importZipMd is vulnerable to ZipSlip, which allows an authenticated user to overwrite files on the system. Details: An authenticated user with access to the import functionality in notes is able to overwrite any file on the system; the vulnerable function is importZipMd, this can...
GHSA-GQFV-G4V7-M366 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
Summary: Function importZipMd is vulnerable to ZipSlip, which allows an authenticated user to overwrite files on the system. Details: An authenticated user with access to the import functionality in notes is able to overwrite any file on the system; the vulnerable function is importZipMd, this can...
Exploit for CVE-2025-9074
CVE-2025-9074: Docker Desktop Container Escape PoC
PT-2025-50250
Name of the Vulnerable Software and Affected Versions: Docker Desktop (affected versions not specified). Description: Docker Desktop diagnostics bundles include expired Hub PATs (Personal Access Tokens) in log output because of error object serialization. This can lead to the leakage of sensitive...
Docker Desktop Security Vulnerability
Docker Desktop is desktop software from Docker Inc. in the United States for lightweight deployment of applications based on container technology. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
GO-2025-4179 Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode in github.com/docker/mcp-gateway
Docker MCP Plugin and Docker MCP Gateway have DNS Rebinding vulnerability when running in sse or streaming mode in github.com/docker/mcp-gateway...
Exploit for CVE-2025-66478
CVE-2025-66478 – Next.js Server Actions RCE Vulnerability: Ana...
Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2025-086 (ALASDOCKER-2025-086)
The version of containerd installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-086 advisory. containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6,...