13 matches found
CVE-2026-21826
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...
CVE-2026-39832 affecting package docker-compose for versions less than 2.27.0-11
CVE-2026-39832 affecting package docker-compose for versions less than 2.27.0-11. A patched version of the package is available...
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows - CVE-2025-66209 CVSS score: 10.0...
UBUNTU-CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
EUVD-2021-1162
Malware in sbrugna...
CVE-2025-22872 affecting package docker-compose for versions less than 2.27.0-5
CVE-2025-22872 affecting package docker-compose for versions less than 2.27.0-5. A patched version of the package is available...
CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4
CVE-2024-10846 affecting package docker-compose for versions less than 2.27.0-4. A patched version of the package is available...
CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause compose-go to consume an excessive amount of memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3
CVE-2024-45338 affecting package docker-compose for versions less than 2.27.0-3. A patched version of the package is available...
Mutagen Security Vulnerability
Mutagen is a new remote development tool that enables your existing local tools to work with code in remote environments such as cloud servers and containers. A security vulnerability exists in Mutagen versions prior to 0.16.6, 0.17.1, and mutagen-compose prior to 0.17.1, which stems from the...
UBUNTU-CVE-2022-3033
If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying a URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...
Information Disclosure
github.com/ipfs/go-ipfs is vulnerable to information disclosure. The vulnerability exists in docker-compose.yaml because the resulting list of listeners when running IPFS are either public or bound to public IPs which allows an attacker to gain admin API access to the IPFS node and control user...
CSRF through HTML message in squirrelmail
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element...