CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious...
PatchProve
PatchProve A PoC-Driven Benchmark for Evaluating Large Lang...
Linux Distros Unpatched Vulnerability : CVE-2021-21284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege...
JetBrains TeamCity Information Disclosure Vulnerability
JetBrains TeamCity is a Continuous Integration/Continuous Deployment (CI/CD) tool developed by JetBrains to automate the software build, test, and deployment process with support for multiple programming languages and tools. JetBrains TeamCity suffers from an information disclosure vulnerability th...
PT-2025-34900
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.6 Description: Coolify is susceptible to a remote code execution issue within the application deployment workflow. Authenticated users with low-level member privileges can inject arbitrary Docker...
Linux Distros Unpatched Vulnerability : CVE-2018-20871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on rootsquash, weak file permissions (other write access) occur in certain...
Linux Distros Unpatched Vulnerability : CVE-2021-39939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4...
Linux Distros Unpatched Vulnerability : CVE-2020-13347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system...
Exploit for Out-of-bounds Write in Php
Task Management APP CVE-2019-11043 Lab Minimal PHP app with...
This Week in Spring - August 26th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the floor of SpringOne, live from lovely Las Vegas! As you can imagine, I've got to get back into it, so we'll make this one a quick one. And if you're here, be sure to say "hi"! In last week's A Bootifu...
Linux Distros Unpatched Vulnerability : CVE-2020-8564
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file bein...
CVE-2025-57802
Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory /app/data. Because the container bind-mounts an...
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has...
CVE-2025-57802
Airlink’s Daemon vulnerability (CVE-2025-57802) affects version 1.0.0, where an attacker with access to the affected container can create symbolic links inside the mounted /app/data directory. Because the container bind-mounts an arbitrary host path, these symlinks can point to sensitive host loc...
CVE-2025-57802 Airlink's Daemon Symlink Vulnerability
Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected container can create symbolic links inside the mounted directory /app/data. Because the container bind-mounts an...
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)
This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. Summary A privilege escalation vulnerability exists in Langflow containers where an authenticate...
Exploit for CVE-2025-9074
CVE-2025-9074 – Docker Desktop Windows Container→Host Write...