CVE-2025-6587 Exposure of system environment variables in Docker Desktop diagnostic logs

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...

CVE-2025-6587 Exposure of system environment variables in Docker Desktop diagnostic logs

System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813 Apache Tomcat RCE Exploit PoC This repository...

PT-2025-27769 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.43.0 Description: The issue concerns the recording of system environment variables in Docker Desktop diagnostic logs when using shell auto-completion. This leads to the unintentional disclosure of sensitive...

Docker Desktop 安全漏洞

Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 – sudo chroot "chwoot" PoC This repository p...

Exploit for Use of Externally-Controlled Format String in Fortinet Fortiproxy

CVE-2024-23113 FortiOS Test Environment A Docker-based test e...

CVE-2025-52999 vulnerabilities

Vulnerabilities for packages: cassandra-reaper, scala, celeborn, tez, gradle-stage0, confluent-common-docker, cassandra...

GHSA-H46C-H94J-95F3 vulnerabilities

Vulnerabilities for packages: cassandra-reaper, scala, celeborn, tez, gradle-stage0, confluent-common-docker, cassandra...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 – Sudo chroot Local Privilege Escalation Lab T...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 – sudo chroot "chwoot" PoC This repository p...

This Week in Spring - July 1st, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's July!! This week, I'm on PTO, and as always, I'm looking for good reading material on the plane ride over for my holiday. Thank goodness for the ever-vibrant and awesome Spring community; there's tons of stuff to dive...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1685)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1700)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP13 : docker-engine (EulerOS-SA-2025-1700)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers...

SUSE SLES15 / openSUSE 15 Security Update : helm (SUSE-SU-2025:02121-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02121-1 advisory. Update to version 3.18.3: builddeps: bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc dependabotbot fix: user username...

Exploit for CVE-2024-38819

CVE-2024-38819: Proof of Concept PoC This is a proof of con...

Mageia: Security Advisory (MGASA-2025-0189)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated docker packages fix security vulnerability

External DNS requests from 'internal' networks could lead to data exfiltration - CVE-2024-29018 We can't determine if docker 24.0.5 is affected but as it is no longer supported we are releasing version 25.0.7, as it is supported and free of the CVE...

MGASA-2025-0189 Updated docker packages fix security vulnerability

External DNS requests from 'internal' networks could lead to data exfiltration - CVE-2024-29018 We can't determine if docker 24.0.5 is affected but as it is no longer supported we are releasing version 25.0.7, as it is supported and free of the CVE...