9235 matches found
Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
Impact: The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
GHSA-36GQ-35J3-P9R9 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
Impact: The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
GHSA-43C9-GW4X-PCX6 Authenticated arbitrary file deletion in YesWiki
Authenticated arbitrary file deletion in YesWiki fmRestore(); $this->fmShow(true, $isAction); break; case 'erase': $this->fmErase(); $this->fmShow(true, $isAction); break; case 'del': $this->fmDelete(); $this->fmShow(false, $isAction); break; case 'trash': $this->fmShow(true, $isAction); break; case 'emptytrash':...
Authenticated arbitrary file deletion in YesWiki
Authenticated arbitrary file deletion in YesWiki fmRestore(); $this->fmShow(true, $isAction); break; case 'erase': $this->fmErase(); $this->fmShow(true, $isAction); break; case 'del': $this->fmDelete(); $this->fmShow(false, $isAction); break; case 'trash': $this->fmShow(true, $isAction); break; case 'emptytrash':...
homarr cross-site scripting vulnerability
homarr is a customizable browser homepage by Thomas Camlong, an individual developer, that is used to interact with Docker containers on the main server. A security vulnerability exists in homarr versions prior to v0.14.0 that stems from the inclusion of a stored cross-site scripting (XSS)...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2025-1119)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2025-1119)
According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain...
PT-2025-1609 · Docker +1 · Docker Compose +1
Name of the Vulnerable Software and Affected Versions: compose-go versions v2.10 through v2.4.0; Docker Compose versions v2.27.0 through v2.29.7. Description: The issue allows an authorized user who sends malicious YAML payloads to cause excessive memory and CPU cycle consumption while parsing YAML...
Exploit for CVE-2024-38821
CVE-2024-38821: Proof of Concept (PoC): Authentication Bypass...
Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java
CVE-2022-34169 PoC A malleable PoC and solution for the SU...
Exploit for CVE-2025-25599
CVE-2025-25599 Details Bolt is an o...
CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2
CVE-2024-45337 affecting package docker-compose for versions less than 2.27.0-2. A patched version of the package is available...
ProcessMaker security vulnerability
ProcessMaker is a website builder written in PHP for business process management (BPM) and workflow management from ProcessMaker Inc. in the United States. A security vulnerability exists in ProcessMaker pm4core-docker version 4.1.21-RC7, which originates from an arbitrary file upload vulnerability in...
CVE-2024-41453
A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...
Exploit for Improper Check for Unusual or Exceptional Conditions in Jenkins
Intro This is an exploit for CVE-2024-43044, an arbitrary fil...
MGASA-2025-0004 Updated opencontainers-runc packages fix security vulnerability
runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing...
Updated opencontainers-runc packages fix security vulnerability
runc 1.1.13 and earlier as well as 1.2.0-rc2 and earlier can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with os.MkdirAll. While this can be used to create empty files, existing...
Exploit for Race Condition in Openbsd Openssh
Summary This is essentially a statistical vulnerability: a la...
ZenML < 0.57.1 DoS (CVE-2024-4460)
The version of ZenML installed on the remote host is prior to 0.57.1. It is, therefore, affected by a denial of service (DoS) vulnerability in zenml-io/zenml due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through th...
ZenML < 0.56.3 Unpatched Session Expiration Exposure (CVE-2024-4680)
The version of ZenML installed on the remote host is prior to 0.56.3. It is, therefore, affected by a vulnerability which allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change,...