Lucene search
K

563 matches found

CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.7 views

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

5.3CVSS5.8AI score0.00502EPSS
Exploits0
OSV
OSV
added 2026/03/06 11:34 a.m.3 views

SUSE-SU-2026:20656-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

8.9CVSS6.8AI score0.13848EPSS
Exploits1References7
OSV
OSV
added 2026/03/05 1:22 a.m.3 views

GHSA-XXPW-32HF-Q8V9 AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

8.1CVSS6.1AI score0.0049EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/05 1:22 a.m.7 views

AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

9.8CVSS6.1AI score0.0049EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23437

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 24.0 Description The AVideo application's official docker-compose.yml file publishes the memcached service on host port 11211 0.0.0.0:11211 without authentication. The Dockerfile configures PHP to store all user sessio...

9.8CVSS6AI score0.0049EPSS
Exploits1References12
NVD
NVD
added 2026/03/04 5:16 p.m.13 views

CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

8CVSS0.00472EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.3 views

PT-2026-22939

Name of the Vulnerable Software and Affected Versions Docker CLI versions through 29.1.5 Docker Compose versions 2.31.0 through 5.0.0 Description The Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. An attacker with...

9.8CVSS6AI score0.00472EPSS
Exploits0
OSV
OSV
added 2026/02/17 8:53 a.m.4 views

SUSE-SU-2026:20451-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

7.5CVSS6.7AI score0.00591EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/02/14 6:45 p.m.173 views

minimal_poc

bas...

5.4AI score
Exploits0
OSV
OSV
added 2026/02/05 9:29 p.m.6 views

GHSA-VF5J-R2HW-2HRW OpenCloud Affected by Public Link Exploit

Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...

8.2CVSS5.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/05 9:29 p.m.11 views

OpenCloud Affected by Public Link Exploit

Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...

5.5AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/05 6:16 p.m.4 views

AZL-76937 CVE-2025-58190 affecting package docker-compose 2.27.0-6

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.6 views

AZL-76940 CVE-2025-47911 affecting package docker-compose 2.27.0-6

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/04 6:18 p.m.180 views

Exploit for Deserialization of Untrusted Data in Bentoml

CVE-2025-27520 — Безопасная учебная симуляция / PoC Demo Stan...

9.8CVSS8.5AI score0.3592EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/02/04 6:13 p.m.200 views

Exploit for Asymmetric Resource Consumption (Amplification) in Openjsf Body-Parser

markdown CVE-2024-45590 - WordPress Plugin RCE PoC Vuln...

7.5CVSS7.8AI score0.00824EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/31 3:19 a.m.7 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

8.8CVSS6AI score0.00566EPSS
Exploits1References1
NVD
NVD
added 2026/01/29 10:15 p.m.10 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

8.8CVSS0.00566EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/29 9:49 p.m.5 views

EUVD-2026-4942

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

7.6CVSS6AI score0.00566EPSS
Exploits1References2
OSV
OSV
added 2026/01/29 9:49 p.m.5 views

CVE-2026-25116 Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

7.6CVSS6AI score0.00566EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/29 9:49 p.m.5 views

CVE-2026-25116 Runtipi vulnerable to unauthenticated docker-compose.yml Overwrite via Path Traversal

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

7.6CVSS5.7AI score0.00566EPSS
Exploits1References2
Rows per page
Query Builder