
9221 matches found

OSV
added 2025/01/23 4:15 p.m. · 6 views

AZL-55947 CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4

The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...

CVSS 5.9 · AI score 7.1 · EPSS 0.00223
Exploits 0 · References 1

CVE
added 2025/01/23 3:22 p.m. · 55 views

CVE-2024-10846

Summary: CVE-2024-10846 affects the compose-go library. The vulnerability occurs in versions v2.10–v2.4.0 of the compose-go component when an authorized user sends malicious YAML payloads, causing the library to consume excessive memory and CPU cycles during YAML parsing (as used by Docker Compos...

CVSS 5.9 · AI score 5.7 · EPSS 0.00223
Exploits 0 · References 2

Cvelist
added 2025/01/23 3:22 p.m. · 10 views

CVE-2024-10846 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop

The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...

CVSS 5.9 · EPSS 0.00223
Exploits 0 · References 1

SUSE Linux
added 2025/01/23 1:54 p.m. · 3 views

Security update for docker-stable

This update for docker-stable fixes the following issues: CVE-2024-29018: Fixed external DNS request handling from 'internal' networks that could have led to data exfiltration bsc1234089. CVE-2024-23650: Fixed possible BuildKit daemon crash via malicious BuildKit client or frontend request...

CVSS 9.9 · AI score 6.7 · EPSS 0.16496
Exploits 1 · References 14

CBLMariner
added 2025/01/21 11:41 p.m. · 9 views

CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3

CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3. A patched version of the package is available...

CVSS 5.3 · AI score 7.3 · EPSS 0.00856
Exploits 0

CBLMariner
added 2025/01/21 11:41 p.m. · 11 views

CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3

CVE-2024-45338 affecting package docker-buildx for versions less than 0.14.0-3. A patched version of the package is available...

CVSS 5.3 · AI score 7.3 · EPSS 0.00856
Exploits 0

OSV
added 2025/01/21 8:24 p.m. · 7 views

GHSA-36GQ-35J3-P9R9 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop

Impact: The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...

CVSS 5.9 · AI score 5.8 · EPSS 0.00223
Exploits 0 · References 8

Github Security Blog
added 2025/01/21 8:24 p.m. · 11 views

Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop

Impact: The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...

CVSS 5.9 · AI score 5.8 · EPSS 0.00223
Exploits 0 · References 8 · Affected Software 1

OSV
added 2025/01/21 8:11 p.m. · 15 views

GHSA-43C9-GW4X-PCX6 Authenticated arbitrary file deletion in YesWiki

Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...

CVSS 7.1 · AI score 6.8 · EPSS 0.00568
Exploits 1 · References 4

Github Security Blog
added 2025/01/21 8:11 p.m. · 15 views

Authenticated arbitrary file deletion in YesWiki

Authenticated arbitrary file deletion in YesWiki fmRestore; $this-fmShowtrue, $isAction; break; case 'erase': $this-fmErase; $this-fmShowtrue, $isAction; break; case 'del': $this-fmDelete; $this-fmShowfalse, $isAction; break; case 'trash': $this-fmShowtrue, $isAction; break; case 'emptytrash':...

CVSS 7.1 · AI score 6.8 · EPSS 0.00568
Exploits 1 · References 4 · Affected Software 1

OpenVAS
added 2025/01/21 12:0 a.m. · 9 views

Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1119)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.9 · AI score 7.5 · EPSS 0.16496
Exploits 0 · References 2

CNNVD
added 2025/01/21 12:0 a.m. · 5 views

homarr cross-site scripting vulnerability

homarr is a customizable browser homepage by Thomas Camlong, an individual developer, that is used to interact with Docker containers on the main server. A security vulnerability exists in homarr versions prior to v0.14.0 that stems from the inclusion of a stored cross-site scripting (XSS)...

CVSS 6.1 · AI score 5.5 · EPSS 0.00322
Exploits 0 · References 4

Tenable Nessus
added 2025/01/21 12:0 a.m. · 28 views

EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2025-1119)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain...

CVSS 9.9 · AI score 7.4 · EPSS 0.16496
Exploits 0 · References 2

Positive Technologies
added 2025/01/21 12:0 a.m. · 15 views

PT-2025-1609 · Docker +1 · Docker Compose +1

Name of the Vulnerable Software and Affected Versions: compose-go versions v2.10 through v2.4.0; Docker Compose versions v2.27.0 through v2.29.7. Description: The issue allows an authorized user who sends malicious YAML payloads to cause excessive memory and CPU cycle consumption while parsing YAML...

CVSS 10 · AI score 7.2 · EPSS 0.0268
Exploits 4 · References 89

GithubExploit
added 2025/01/18 12:52 p.m. · 356 views

Exploit for CVE-2024-38821

CVE-2024-38821: Proof of Concept (PoC): Authentication Bypass...

CVSS 9.1 · AI score 7.8 · EPSS 0.01712
Exploits 2

GithubExploit
added 2025/01/17 3:32 p.m. · 247 views

Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java

CVE-2022-34169 PoC A malleable PoC and solution for the SU...

CVSS 7.5 · AI score 7.4 · EPSS 0.17673
Exploits 2

GithubExploit
added 2025/01/16 12:16 p.m. · 229 views

Exploit for CVE-2025-25599

CVE-2025-25599 Details Bolt is an o...

AI score 7.8
Exploits 1

CBLMariner
added 2025/01/16 3:28 a.m. · 9 views

CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2

CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2. A patched version of the package is available...

CVSS 9.1 · AI score 7.3 · EPSS 0.03092
Exploits 2

CNNVD
added 2025/01/15 12:0 a.m. · 3 views

ProcessMaker security vulnerability

ProcessMaker is a PHP-written website builder for business process management (BPM) and workflow management from ProcessMaker Inc. in the United States. A security vulnerability exists in ProcessMaker pm4core-docker version 4.1.21-RC7, which originates from an arbitrary file upload vulnerability in...

CVSS 6.5 · AI score 7.5 · EPSS 0.00459
Exploits 0 · References 1

Vulnrichment
added 2025/01/15 12:0 a.m. · 7 views

CVE-2024-41453

A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

AI score 5.9 · EPSS 0.00336
Exploits 0 · References 1