935 matches found
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
CVE-2025-55996
Viber Desktop 25.6.0 is affected by a HTML Injection vulnerability caused by improper handling of the text parameter in the message compose/forward interface. The issue can be triggered via the text field and has a CVSSv3.1 base score of 6.3 (Medium) with NETWORK attack vector, requiring user int...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
CVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface...
PT-2025-37322
Name of the Vulnerable Software and Affected Versions: Viber Desktop version 25.6.0 Description: Viber Desktop version 25.6.0 is susceptible to HTML Injection through the text parameter within the message compose/forward interface. Recommendations: As a temporary workaround, sanitize the text...
Rakuten Viber Desktop 安全漏洞
Rakuten Viber Desktop is an instant messaging software from Viber Luxembourg. A security vulnerability exists in Rakuten Viber Desktop version 25.6.0, which stems from improper handling of text parameters in the message compose or forward interface, which could lead to an HTML injection attack...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The repository contains a collection of vulnerable applications and services, along with their corresponding Dockerfiles and configuration files. The vulnerable environments are designed to help...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
This repository is a collection of proof-of-concept PoC exploits from Datadog Security Labs. The exploits are designed to demonstrate vulnerabilities in various software products, including Confluence, OpenSSL, and Spring. The repository contains code and instructions for running the exploits, as...
Exploit for SQL Injection in Sangoma Freepbx
Work in Progress FreePBX CVE-2025-57819 Lab - Unauth SQLi →...
CVE-2025-34159
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159 Coolify Docker Compose Directive Injection in Application Deployment Workflow
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159
Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary Docker Compose directives during project creation. By crafting...
CVE-2025-34159
CVE-2025-34159 affects Coolify
PT-2025-34900
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.6 Description: Coolify is susceptible to a remote code execution issue within the application deployment workflow. Authenticated users with low-level member privileges can inject arbitrary Docker...
CVE-2025-53363
Summary: Dpanel (Go) versions 1.2.0–1.7.2 are affected by an arbitrary file read vulnerability in /api/app/compose/get-from-uri. The GetFromUri function passes the user-provided uri directly to os.ReadFile, enabling an authenticated user to read arbitrary files on the host and disclose sensitive ...
CVE-2025-55740
nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...
GHSA-PR72-8FXW-XX22 Default Credentials in nginx-defender Configuration Files
Impact This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml, docker-compose.yml contain default credentials defaultpassword: "changemeplease", GFSECURITYADMINPASSWORD=admin123. If users deploy nginx-defender without changing these...