PT-2026-28167

Name of the Vulnerable Software and Affected Versions yaml versions prior to 1.10.3 yaml versions prior to 2.8.3 Description The yaml library is susceptible to a stack overflow when parsing YAML documents. The issue occurs during the node resolution/composition phase, which uses recursive functio...

MAL-2026-2145 Malicious code in compose-rl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d7bb3250324aea46c0121883650a393aeee3569ba3a3a8f202530bdc523a5735 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Heimdall: Path received via Envoy gRPC corrupted when containing query string

Summary When using heimdall in envoy gRPC decision API mode, wrong encoding of the query URL string allows rules with non-wildcard path expressions to be bypassed. The HTTP based decision API is NOT affected, and proxy mode is NOT affected either. Note: The issue can only lead to unintended acces...

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-47911 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-11065 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8

CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...

CVE-2025-11065 affecting package moby-compose for versions less than 2.17.3-14

CVE-2025-11065 affecting package moby-compose for versions less than 2.17.3-14. A patched version of the package is available...

SUSE-SU-2026:20656-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

GHSA-XXPW-32HF-Q8V9 AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

AVideo: Unauthenticated PHP session store exposed to host network via published memcached port

Summary The official docker-compose.yml publishes the memcached service on host port 11211 0.0.0.0:11211 with no authentication, while the Dockerfile configures PHP to store all user sessions in that memcached instance. An attacker who can reach port 11211 can read, modify, or flush session data ...

PT-2026-23437

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 24.0 Description The AVideo application's official docker-compose.yml file publishes the memcached service on host port 11211 0.0.0.0:11211 without authentication. The Dockerfile configures PHP to store all user sessio...

CVE-2025-15558

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries docker-compose.exe, docker-buildx.exe, etc. that are executed when a...

PT-2026-22939

Name of the Vulnerable Software and Affected Versions Docker CLI versions through 29.1.5 Docker Compose versions 2.31.0 through 5.0.0 Description The Docker CLI for Windows searches for plugin binaries in C:ProgramDataDockercli-plugins, a directory that does not exist by default. An attacker with...

SUSE-SU-2026:20451-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

minimal_poc

bas...

OpenCloud Affected by Public Link Exploit

Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...

GHSA-VF5J-R2HW-2HRW OpenCloud Affected by Public Link Exploit

Impact A security issue was discovered in Reva that enables a malicious user to bypass the scope validation of a public link. That allows it to access resources outside the scope of a public link. OpenCloud uses Reva as one of its core components and thus it is affected. Patches Update to OpenClo...

AZL-76937 CVE-2025-58190 affecting package docker-compose 2.27.0-6

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-76940 CVE-2025-47911 affecting package docker-compose 2.27.0-6

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

Exploit for Deserialization of Untrusted Data in Bentoml

CVE-2025-27520 — Безопасная учебная симуляция / PoC Demo Stan...