Lucene search
K

568 matches found

OSV
OSV
added 2026/03/26 9:12 a.m.2 views

SUSE-SU-2026:20871-1 Security update for docker-compose

This update for docker-compose fixes the following issue: - CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files bsc1252752...

8.9CVSS7.4AI score0.13848EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.15 views

PT-2026-41141

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer supports deploying stacks from Git repositories...

9.9CVSS5.9AI score0.00416EPSS
Exploits2References13
Github Security Blog
Github Security Blog
added 2026/03/18 1:0 p.m.33 views

Heimdall: Path received via Envoy gRPC corrupted when containing query string

Summary When using heimdall in envoy gRPC decision API mode, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. The HTTP based decision API is NOT affected, and proxy mode is NOT affected either. Note: The issue can only lead to unintended acces...

8.2CVSS5.7AI score0.003EPSS
Exploits1References6Affected Software1
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.7 views

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

5.3CVSS5.8AI score0.00502EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.5 views

CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

5.3CVSS5.8AI score0.00357EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.5 views

CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

5.3CVSS5.8AI score0.00482EPSS
Exploits1
OSV
OSV
added 2026/03/06 11:34 a.m.3 views

SUSE-SU-2026:20656-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

8.9CVSS6.8AI score0.13848EPSS
Exploits1References7
OSV
OSV
added 2026/03/05 1:22 a.m.3 views

GHSA-XXPW-32HF-Q8V9 AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

8.1CVSS6.1AI score0.0049EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/05 1:22 a.m.7 views

AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

9.8CVSS6.1AI score0.0049EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.8 views

PT-2026-23437

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 24.0 Description The AVideo application's official docker-compose.yml file publishes the memcached service on host port 11211 0.0.0.0:11211 without authentication. The Dockerfile configures PHP to store all user sessio...

9.8CVSS6AI score0.0049EPSS
Exploits1References12
NVD
NVD
added 2026/03/04 5:16 p.m.18 views

CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

8CVSS0.00472EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.3 views

PT-2026-22939

Name of the Vulnerable Software and Affected Versions Docker CLI versions through 29.1.5 Docker Compose versions 2.31.0 through 5.0.0 Description The Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. An attacker with...

9.8CVSS6AI score0.00472EPSS
Exploits0
OSV
OSV
added 2026/02/17 8:53 a.m.4 views

SUSE-SU-2026:20451-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

7.5CVSS6.7AI score0.00632EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/02/14 6:45 p.m.175 views

minimal_poc

bas...

5.4AI score
Exploits0
OSV
OSV
added 2026/02/05 9:29 p.m.6 views

GHSA-VF5J-R2HW-2HRW OpenCloud Affected by Public Link Exploit

Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...

8.2CVSS5.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/05 9:29 p.m.11 views

OpenCloud Affected by Public Link Exploit

Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...

5.5AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/05 6:16 p.m.4 views

AZL-76937 CVE-2025-58190 affecting package docker-compose 2.27.0-6

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS6.7AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.6 views

AZL-76940 CVE-2025-47911 affecting package docker-compose 2.27.0-6

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/04 6:18 p.m.184 views

Exploit for Deserialization of Untrusted Data in Bentoml

CVE-2025-27520 — Безопасная учебная симуляция / PoC Demo Stan...

9.8CVSS8.5AI score0.3592EPSS
Exploits5
GithubExploit
GithubExploit
added 2026/02/04 6:13 p.m.204 views

Exploit for Asymmetric Resource Consumption (Amplification) in Openjsf Body-Parser

markdown CVE-2024-45590 - WordPress Plugin RCE PoC Vuln...

7.5CVSS7.8AI score0.00824EPSS
Exploits1
Rows per page
Query Builder